In April’s Patch Tuesday, significant security flaws have been addressed across multiple vendors, including SAP, Adobe, Microsoft, and Fortinet. These updates are crucial for safeguarding systems against potential data breaches and unauthorized access.
SAP and Adobe Vulnerabilities
A major focus of this month’s updates is an SQL injection vulnerability in SAP’s Business Planning and Consolidation and Business Warehouse applications, identified as CVE-2026-27681 with a CVSS score of 9.9. This flaw allows low-privileged users to execute arbitrary SQL commands, posing risks of data extraction and manipulation. The vulnerability could lead to disrupted business operations and potential data theft, as explained by Onapsis and Pathlock.
Adobe has addressed a critical remote code execution vulnerability in Acrobat Reader, noted as CVE-2026-34621 with a CVSS score of 8.6, which is currently being exploited in the wild. Additionally, Adobe patched five critical flaws in ColdFusion that could lead to serious security breaches, including arbitrary code execution and denial-of-service attacks.
Fortinet and Microsoft Security Fixes
Fortinet’s updates include fixes for two critical vulnerabilities in FortiSandbox, both carrying a CVSS score of 9.1. These flaws could allow attackers to bypass authentication and execute unauthorized commands, emphasizing the need for immediate updates to FortiSandbox JRPC API and related systems.
Microsoft also released fixes for 169 security issues, including a critical spoofing vulnerability in SharePoint Server, CVE-2026-32201. This defect could expose sensitive information and facilitate data theft through ransom demands, as highlighted by Immersive’s Kev Breen.
Additional Vendor Updates
Beyond these major players, a wide array of other vendors have rolled out security updates. This includes companies like Apple, Cisco, Google, IBM, and many more, covering a wide range of products and services. These patches are essential for protecting systems from exploitation and ensuring data integrity.
The breadth of this month’s updates underscores the ongoing efforts of software providers to address security vulnerabilities. Users are strongly encouraged to apply these patches promptly to mitigate risks of cyber threats.
As the digital landscape continues to evolve, maintaining up-to-date security measures is crucial for preventing potential breaches and ensuring the safety of sensitive information.
