What is CVE-2026-24321?

CVE-2026-24321 is a medium-severity vulnerability in Sap_se Sap Commerce Cloud, classified under Exposure of Private Personal Information to an Unauthorized Actor. CVSS score: 5.3/10. Published 2026-02-10.

How severe is CVE-2026-24321?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Sap_se Sap Commerce Cloud

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This v…

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Sap_se Sap Commerce Cloud — versions HY_COM 2205, COM_CLOUD 2211, 2211-JDK21

Weakness classification (CWE)

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor

References

Frequently asked questions

What is CVE-2026-24321?: CVE-2026-24321 is a medium-severity vulnerability in Sap_se Sap Commerce Cloud, classified under Exposure of Private Personal Information to an Unauthorized Actor. CVSS score: 5.3/10. Published 2026-02-10.
How severe is CVE-2026-24321?: Medium severity. CVSS v3 base score is 5.3 out of 10.