SAP Knowledge Base Article - Preview

3747365 - CVE-2026-22740 flagged due to spring-web 5.3.47 - SAP Commerce Cloud

Symptom

  • Multiple on-premise & cloud commerce instances are flagged by a vulnerability scanner for CVE-2026-22740
  • The detected component is springframework:spring-web:5.3.47 used by the platform


Environment

SAP Commerce Cloud 2211, SAP Commerce Cloud JDK21, SAP Commerce Cloud 2205

Product

SAP Commerce Cloud 2205 ; SAP Commerce Cloud 2211 ; SAP Commerce Cloud 2211 for JDK21

Keywords

CVE-2026-22740, spring webflux, multipart, temporary files, denial of service, DoS, spring-web 5.3.47, vulnerability scanner, commerce on-premise, exploitability, mitigation, springframework, false positive, security, webflux multipart, KBA, CEC-SCC-PLA-PL, Platform, Problem
