CTI Swarm
ZERO DAY INITIATIVE - BLOG

The April 2026 Security Update Review

KEV HIGH Microsoft Microsoft Defender SharePoint Server Chromium April 2026 patches

Strategic Summary

CVE-2026-33825 is an elevation-of-privilege vulnerability in Microsoft Defender (CVSS 7.8) with a public PoC; CVE-2026-32201 concerns SharePoint Server spoofing. Both components of the Joel Traber AG infrastructure require immediate patch assessment and application.

Relevance for Joel Traber

CVE-2026-33825 is an elevation-of-privilege vulnerability in Microsoft Defender (CVSS 7.8) with a public PoC; CVE-2026-32201 concerns SharePoint Server spoofing. Both components of the Joel Traber AG infrastructure require immediate patch assessment and application.

Full Text

Title: Zero Day Initiative — The April 2026 Security Update Review

URL Source: https://www.thezdi.com/blog/2026/4/14/the-april-2026-security-update-review

Published Time: 2026-04-14T12:49:19-0500


# The April 2026 Security Update Review

April 14, 2026 | Dustin Childs


It’s time once again for Patch Tuesday, and this one is huge. We’ve also got multiple exploits in the wild, which adds another layer of urgency to this month’s release. Take a break from your regularly scheduled activities, and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:

[Video 1](https://www.youtube.com/watch?v=W4U0A1CHBzM)

**Adobe Patches for April 2026**

For April, Adobe released 12 bulletins addressing 61 unique CVEs in Adobe Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, ColdFusion, Bridge, Photoshop, Illustrator, Experience Manager Screens, and the Adobe DNG SDK. Three of the ColdFusion bugs came through the TrendAI ZDI program. For this month, I’m introducing an Adobe table as well. I’d love to get your feedback on whether this is helpful.

| Bulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority |
| --- | --- | --- | --- | --- | --- | --- |
| [APSB26-43](https://helpx.adobe.com/security/products/acrobat/apsb26-43.html) | Adobe Acrobat Reader | 1 | Critical | 8.6 | Yes | 1 |
| [APSB26-44](https://helpx.adobe.com/security/products/acrobat/apsb26-44.html) | Adobe Acrobat Reader | 2 | Critical | 8.6 | No | 2 |
| [APSB26-32](https://helpx.adobe.com/security/products/indesign/apsb26-32.html) | Adobe InDesign | 9 | Critical | 7.8 | No | 3 |
| [APSB26-33](https://helpx.adobe.com/security/products/incopy/apsb26-33.html) | Adobe InCopy | 2 | Critical | 7.8 | No | 3 |
| [APSB26-36](https://helpx.adobe.com/security/products/framemaker/apsb26-36.html) | Adobe FrameMaker | 11 | Critical | 8.6 | No | 3 |
| [APSB26-37](https://helpx.adobe.com/security/products/connect/apsb26-37.html) | Adobe Connect | 9 | Critical | 9.6 | No | 3 |
| [APSB26-38](https://helpx.adobe.com/security/products/coldfusion/apsb26-38.html) | Adobe ColdFusion | 7 | Critical | 9.3 | No | 1 |
| [APSB26-39](https://helpx.adobe.com/security/products/bridge/apsb26-39.html) | Adobe Bridge | 6 | Critical | 7.8 | No | 3 |
| [APSB26-40](https://helpx.adobe.com/security/products/photoshop/apsb26-40.html) | Adobe Photoshop | 1 | Critical | 7.8 | No […]

[… 54,014 characters; next zone: keyword-dense paragraphs …]

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
| --- | --- | --- | --- | --- | --- | --- |
| [CVE-2026-32201](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201) | Microsoft SharePoint Server Spoofing Vulnerability | Important | 6.5 | No | Yes | Spoofing |
| [CVE-2026-5281 *](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281) | Chromium: CVE-2026-5281 Use after free in Dawn | High | N/A | No | Yes | RCE |
| [CVE-2026-33825](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825) | Microsoft Defender Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP |
| [CVE-2026-23666](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666) | .NET Framework Denial of Service Vulnerability | Critical | 7.5 | No | No | DoS |
| [CVE-2026-32190](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190) | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| [CVE-2026-33114](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33114) | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| [CVE-2026-33115](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33115) | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| [CVE-2026-32157](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157) | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
| [CVE-2026-33826](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826) | Windows Active Directory Remote Code Execution Vulnerability | Critical | 8 | No | No | RCE |
| [CVE-2026-33824](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824) | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| [CVE-2026-33827](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827) | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| [CVE-2026-26171](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171) | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| [CVE-2026-32226](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32226) | .NET Framework Denial of […]

More […]

[… 53,419 characters; next zone: tail …]

No new advisories are being released this month.

**Looking Ahead**

I will be in Berlin for the next Patch Tuesday, which will be May 12, and I’ll provide my full thoughts then on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!


CVEs Mentioned