SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities

The third security note released on SAP’s March 2026Security Patch Dayresolves CVE-2026-27689 (CVSS score of 7.7), a high-severity DoS bug in Supply Chain Management.The issue allows an attacker to repeatedly call an unspecified function with an extremely large loop control parameter, eventually exhausting system resources through continuous execution.SAP’s remaining new security notes resolve medium-severity issues in NetWeaver, Business One, Business Warehouse, S/4HANA, Customer Checkout 2.0, GUI for Windows, and Solution Tools Plug-In.The resolved security defects include server-side request forgery (SSRF), missing authorization check, SQL injection, XSS, insecure storage protection, DLL hijacking, and DoS flaws.SAP makes no mention of any of these vulnerabilities being exploited in the wild, but users should update their deployments as soon as possible.Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

The issue allows an attacker to repeatedly call an unspecified function with an extremely large loop control parameter, eventually exhausting system resources through continuous execution.SAP’s remaining new security notes resolve medium-severity issues in NetWeaver, Business One, Business Warehouse, S/4HANA, Customer Checkout 2.0, GUI for Windows, and Solution Tools Plug-In.The resolved security defects include server-side request forgery (SSRF), missing authorization check, SQL injection, XSS, insecure storage protection, DLL hijacking, and DoS flaws.SAP makes no mention of any of these vulnerabilities being exploited in the wild, but users should update their deployments as soon as possible.Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

SAP’s remaining new security notes resolve medium-severity issues in NetWeaver, Business One, Business Warehouse, S/4HANA, Customer Checkout 2.0, GUI for Windows, and Solution Tools Plug-In.The resolved security defects include server-side request forgery (SSRF), missing authorization check, SQL injection, XSS, insecure storage protection, DLL hijacking, and DoS flaws.SAP makes no mention of any of these vulnerabilities being exploited in the wild, but users should update their deployments as soon as possible.Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

The resolved security defects include server-side request forgery (SSRF), missing authorization check, SQL injection, XSS, insecure storage protection, DLL hijacking, and DoS flaws.SAP makes no mention of any of these vulnerabilities being exploited in the wild, but users should update their deployments as soon as possible.Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

SAP makes no mention of any of these vulnerabilities being exploited in the wild, but users should update their deployments as soon as possible.Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

Related:SAP’s January 2026 Security Updates Patch Critical VulnerabilitiesRelated:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

Related:Cisco Patches Critical Vulnerabilities in Enterprise Networking ProductsRelated:Android Update Patches Exploited Qualcomm Zero-Day

Related:Android Update Patches Exploited Qualcomm Zero-Day

Ionut Arghire is an international correspondent for SecurityWeek.

Source: SecurityWeek