CVE-2026-27685 – SAP NetWeaver and FS-QUO Critical Deserialization and Code Injection Fix
“Two hidden entry points—one through outdated logging code and another through unsafe data handling—could let attackers take control of core SAP systems.”
SAP’s March 2026 security updates resolve two critical vulnerabilities affecting enterprise SAP environments. The first issue, CVE-2019-17571, impacts SAP Quotation Management Insurance (FS-QUO). The vulnerability stems from the use of Apache Log4j 1.2, where unsafe deserialization in the SocketServer component can allow attackers to execute arbitrary code when malicious log data is processed. CVE-2019-17571 has a CVSS score of 9.8, which is Critical severity.
The second issue, CVE-2026-27685, affects SAP NetWeaver Enterprise Portal Administration. The vulnerability occurs when the application deserializes uploaded content without proper validation. A malicious payload could trigger code execution, denial-of-service conditions, or privilege escalation within the portal environment. CVE-2026-27685 has a CVSS score of 9.1, which is Critical severity.
SAP addressed these vulnerabilities as part of its monthly security patch cycle. No verified reports of real-world exploitation have been confirmed at the time of disclosure.
Key Details
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-502