THE April 2026 Security Update Review, dated 14 April 2026, by Dustin Childs, notes a record Patch Tuesday with patches from Adobe and Microsoft and exploits in the wild adding urgency. Adobe released 12 bulletins addressing 61 CVEs across Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, ColdFusion, Bridge, Photoshop, Illustrator, Experience Manager Screens, and the DNG SDK, with three ColdFusion bugs coming through the TrendAI ZDI programme.
Microsoft delivered 163 new CVEs across Windows and related components, bringing the total to 247 updates, with six bugs reported through TrendAI ZDI and eight rated Critical. Examples highlighted include CVE-2026-32201 (Microsoft SharePoint Server Spoofing) and CVE-2026-33827 (Windows TCP/IP Remote Code Execution), while CVE-2026-33824 (IKE Service Extensions) is also discussed as a notable RCE risk.
The piece emphasises that several DoS and information-disclosure bugs exist alongside numerous Elevation of Privilege flaws, and it notes plans to attend Berlin for the next Patch Tuesday on 12 May.