SAP's Classified Cloud Green Light Shadows by Critical Security Flaws as Shares Dip
10.06.2026 - 16:45:54 | boerse-global.de
SAP found itself in a curious spotlight this week: one hand waving approval from Germany’s BSI to host classified government data, the other scrambling to plug four critical security holes that let hackers seize control without a password. The juxtaposition underscores the challenge facing Europe’s largest software firm as it tries to sell trust in the cloud while defending its own infrastructure.
The BSI gave the green light for SAP to process official data marked "Nur für den Dienstgebrauch" (for official use only) at its data centres in Walldorf and St. Leon?Rot. The clearance, which requires exclusively security?vetted personnel, is a steppingstone towards a full ISO certification of the cloud environment. It strengthens SAP’s pitch to public?sector clients and heavily regulated industries — a market where sovereign cloud solutions are a prerequisite.
Yet on the very same patch cycle, SAP disclosed 15 vulnerabilities in systems ranging from NetWeaver to the Commerce Cloud. Four of them carry critical CVSS scores above 9.0:
- CVE?2026?44748 (CVSS 9.9) – XML manipulation in SAML authentication
- CVE?2026?27671 (CVSS 9.8) – memory corruption in the ABAP kernel requiring no authentication
- CVE?2026?22732 (CVSS 9.1) – a Spring Security flaw in the Commerce Cloud
- CVE?2026?40128 (CVSS 9.0) – path traversal in NetWeaver Java
The first two are particularly dangerous: attackers can fully compromise systems or siphon sensitive user data without a username or password. The disclosures forced customers to apply emergency updates.
Should investors sell immediately? Or is it worth buying SAP?
Investors reacted to the security news by pushing SAP’s shares down 3.67% to €149.56, breaking the stock below its 100?day moving average. Earlier in the week, the BSI clearance had already triggered a 3.5% slide to €149.82 — a sign that the market viewed the strategic advance as insufficient to offset near?term headwinds.
Since the start of 2026, SAP has lost roughly 26% of its value. The gap to last year’s record high of €266.25 is now almost 44%, and the long?term average around €188 looks distant.
A separate EU competition probe is adding to the gloom. Brussels is investigating whether SAP unfairly restricts third?party maintenance providers. The company has responded by offering customers more freedom to choose support vendors and expects the case to be dropped if rivals raise no objections. No fine is anticipated, and management does not see material financial impact from the concessions.
SAP at a turning point? This analysis reveals what investors need to know now.
Underpinning the trouble is a cloud business that continues to deliver solid numbers. In the first quarter, SAP’s cloud?order backlog reached €21.9 billion, up 25% on a currency?adjusted basis. Cloud revenues rose 27% in constant currency (or 19% reported). Operating profit improved 17%, and total sales grew 6%.
That operational strength provides a cushion, but the market wants to see the BSI certification and the security patch cycle turn into measurable contract wins. Until then, the shares are caught between a strategic upgrade in the public sector and a technical downgrade in risk perception.
Ad
SAP Stock: New Analysis - 10 June
Fresh SAP information released. What's the impact for investors? Our latest independent report examines recent figures and market trends.
