SAP confirms a critical flaw in NetWeaver, suspected to be a zero-day, that allows hackers to upload JSP web shells, enabling unauthorized file uploads and code execution. This poses a significant cybersecurity threat to affected systems.