CVE-2026-23684
Undergoing Analysis
Undergoing Analysis - In Progress
Race Condition in SAP Commerce Cloud Causes Data Integrity Issues
Publication date: 2026-02-10
Last updated on: 2026-02-17
Assigner: SAP SE
Description
Description
A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | commerce_cloud | 2211 |
| sap | commerce_cloud | 2205 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-366 | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the SAP Commerce cloud. It occurs when an attacker adds products to a shopping cart, which may cause the cart to contain entries with incorrect product values. This means the cart could be checked out with erroneous data.
How can this vulnerability impact me? :
The main impact of this vulnerability is on data integrity, as incorrect product values can be introduced into the cart and processed during checkout. There is no impact on data confidentiality or the availability of the application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70