PATCH Tuesday in April 2026 sees Microsoft publish 167 vulnerabilities, with exploitation in the wild for one and public disclosure for another, while 19 of the published flaws are considered more likely to see future exploitation. So far this month, patches have addressed 80 browser vulnerabilities that are not included in the Patch Tuesday count.
The month has also seen a notable uptick in vulnerability reports across the industry, with Edge’s spike partially attributed to researchers acknowledged by Chromium maintainers, and analysts noting a broader AI-driven rise in reported issues.
Among the notable issues, SharePoint CVE-2026-32201 is described as exploited in the wild, Defender CVE-2026-33825 is described as more likely to be exploited, and Windows Internet Key Exchange CVE-2026-33824 is highlighted as a critical pre-auth remote code execution vulnerability. Patches cover all supported SharePoint versions, and Microsoft lifecycle updates note that extended support ends on 14 April 2026 for several legacy tools.