April Patch Tuesday: Critical Vulnerabilities Addressed

April Patch Tuesday: Critical Vulnerabilities Addressed

Posted on By CWS

In April’s Patch Tuesday, significant security flaws have been addressed across multiple vendors, including SAP, Adobe, Microsoft, and Fortinet. These updates are crucial for safeguarding systems against potential data breaches and unauthorized access.

SAP and Adobe Vulnerabilities

A major focus of this month’s updates is an SQL injection vulnerability in SAP’s Business Planning and Consolidation and Business Warehouse applications, identified as CVE-2026-27681 with a CVSS score of 9.9. This flaw allows low-privileged users to execute arbitrary SQL commands, posing risks of data extraction and manipulation. The vulnerability could lead to disrupted business operations and potential data theft, as explained by Onapsis and Pathlock.

Adobe has addressed a critical remote code execution vulnerability in Acrobat Reader, noted as CVE-2026-34621 with a CVSS score of 8.6, which is currently being exploited in the wild. Additionally, Adobe patched five critical flaws in ColdFusion that could lead to serious security breaches, including arbitrary code execution and denial-of-service attacks.

Fortinet and Microsoft Security Fixes

Fortinet’s updates include fixes for two critical vulnerabilities in FortiSandbox, both carrying a CVSS score of 9.1. These flaws could allow attackers to bypass authentication and execute unauthorized commands, emphasizing the need for immediate updates to FortiSandbox JRPC API and related systems.

Microsoft also released fixes for 169 security issues, including a critical spoofing vulnerability in SharePoint Server, CVE-2026-32201. This defect could expose sensitive information and facilitate data theft through ransom demands, as highlighted by Immersive’s Kev Breen.

Additional Vendor Updates

Beyond these major players, a wide array of other vendors have rolled out security updates. This includes companies like Apple, Cisco, Google, IBM, and many more, covering a wide range of products and services. These patches are essential for protecting systems from exploitation and ensuring data integrity.

The breadth of this month’s updates underscores the ongoing efforts of software providers to address security vulnerabilities. Users are strongly encouraged to apply these patches promptly to mitigate risks of cyber threats.

As the digital landscape continues to evolve, maintaining up-to-date security measures is crucial for preventing potential breaches and ensuring the safety of sensitive information.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan The Hacker News
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces The Hacker News
Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More The Hacker News
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets The Hacker News
3 Ways to Protect Your Business in 2026 3 Ways to Protect Your Business in 2026 The Hacker News
5 Threats That Reshaped Web Security This Year [2025] 5 Threats That Reshaped Web Security This Year [2025] The Hacker News