Description
A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-366CWE-362
Metadata
- Primary Vendor
- SAP
- Published
- 2/10/2026
- Last Modified
- 2/17/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
sap : commerce_cloudsap : commerce_cloud
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.