SAP’s Four-Alarm Security Warning Piles Pressure on a Stock Already in Freefall
11.06.2026 - 05:04:53 | boerse-global.de
When a software giant patches four critical vulnerabilities in a single batch, the market tends to listen — especially when one of them scores a near-perfect 9.9 on the CVSS scale. SAP’s June patch day was no routine maintenance. It delivered a stark reminder that even the most ambitious AI strategies rest on infrastructure that must be bulletproof. For a stock already down 43% over the past twelve months, the timing could hardly be worse.
The most alarming flaw, CVE-2026-44748, targets NetWeaver AS ABAP and the ABAP Platform with a CVSS score of 9.9. An attacker with standard privileges can intercept signed SAML messages and feed manipulated XML documents containing forged identity data to the verifier. The system swallows the false information, granting the attacker access to sensitive user data. Companies relying on single sign-on or federated authentication are especially exposed. Disabling SAML authentication offers a temporary workaround, but it doesn’t cover every scenario.
Even more troubling is CVE-2026-27671, rated 9.8, which lurks in the RFC protocol of the SAP kernel. No authentication, no user interaction required — just a memory corruption bug waiting to be triggered. The US cybersecurity agency CISA has flagged it as automatable, meaning large-scale attacks are a realistic threat. There is no workaround; only a kernel update closes the door. Two other critical vulnerabilities round out the batch: CVE-2026-22732 in SAP Commerce Cloud and Data Hub, and CVE-2026-40128 in NetWeaver Application Server Java, which allows manipulated HTTP requests to expose sensitive data or crash systems.
Should investors sell immediately? Or is it worth buying SAP?
The security disclosures land at a moment when SAP’s share price is already under severe duress. At Wednesday’s close of €148.16, the stock has shed roughly 43% over the past twelve months and 26.68% since the start of the year. In the last seven days alone, it dropped a further 8.43%. The technical picture is bleak: the price sits just below its 50-day moving average of €149.53 and more than 21% below the 200-day average of €188.50. The relative strength index of 44.5 signals no clear direction, while annualized volatility of nearly 44% is unusually high for a European heavyweight. The 52-week low of €135.52 is only 9% away.
Operationally, SAP continues to deliver solid numbers. The current cloud backlog rose to €21.9 billion in the first quarter, up 20% year-over-year, and cloud ERP grew 23%. But those figures have failed to restore investor confidence. Analysts point to a sluggish migration to consumption-based pricing models and growing doubts about the future pace of cloud backlog expansion. Meanwhile, SAP is spending heavily — the Reltio acquisition has closed, and the company is committing over €1 billion over four years for Dremio and Prior Labs, pending regulatory approval.
The security revelations highlight a deeper tension in SAP’s strategic narrative. The company’s vision for autonomous business processes and AI agents depends on trust in the underlying systems. Patch days like this one remind customers that NetWeaver, data platforms, and AI agents form an inseparable operating reality. A glitch in authentication or a gap in access control can derail the most sophisticated automation. As one analyst put it, the stock has become a pure bet on control — not on hype.
The modest 4% recovery over the past 30 days barely registers against the broader slide. It suggests investors are pausing to reassess, not renewed conviction. SAP’s next catalyst won’t be a flashy AI announcement. It will be proof that security, migration, and automation can work together seamlessly — and that the company can rebuild the trust that markets have so clearly withdrawn. At current levels around €148, the stock is trading on probation. Trust has become SAP’s most expensive currency.
Ad
SAP Stock: New Analysis - 11 June
Fresh SAP information released. What's the impact for investors? Our latest independent report examines recent figures and market trends.
