cvedb.io
CVE-2026-23684
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2026-02-10T04:16:02.683 · Last modified 2026-06-17T10:21:57.100

Summary

A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.

Affected products

sap — commerce_cloud

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.