SAP Releases Critical Security Patches for January 2026 - Immediate Action Required

SAP releases 17 patches fixing critical vulnerabilities, including a 9.9 severity SQL injection bug threatening enterprise systems.

By Content Team

Jan 13, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

SAP dropped 17 security patches on January 13, 2026, targeting dangerous vulnerabilities that could let attackers take complete control of enterprise systems. Four critical flaws scored up to 9.9 on the severity scale, including a SQL injection bug in S/4HANA financials (CVE-2026-0501) that lets low-level users steal financial data.

The scariest issue hits SAP's monitoring tool - unauthenticated attackers can remotely execute code just by tricking users into clicking something malicious. Two other code injection flaws in S/4HANA and Landscape Transformation scored 9.1, allowing privileged users to run malicious code remotely.

SAP urges administrators to patch the SQL injection and remote code execution vulnerabilities within 24 hours. Companies should test updates in staging environments first, focusing on S/4HANA and HANA systems that power most enterprise operations.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical Gogs Zero-Day Exploited: 700+ Git Servers Compromised

Dec 12, 2025

Notepad++ Update System Hijacked in Months-Long Supply Chain Attack

Feb 7, 2026

Microsoft Patches 63 Vulnerabilities in November, Including Exploited Zero-Day

Nov 12, 2025

New 'CrashFix' Scam Intentionally Crashes Browsers to Deliver Malware

Jan 21, 2026