The April 2026 Security Update Review
Zero Day Initiative - Blog
Key Insight
CVE-2026-33825 is an elevation-of-privilege vulnerability in Microsoft Defender (CVSS 7.8) with a public PoC; CVE-2026-32201 is a SharePoint Server spoofing vulnerability. Both components are part of the Joel Traber AG infrastructure and require immediate patch assessment and deployment.
Description
April 14, 2026 | Dustin Childs
It’s time once again for Patch Tuesday, and this one is huge. We’ve also got multiple exploits in the wild, which adds another layer of urgency to this month’s release. Take a break from your regularly scheduled activities, and let’s take a look at the latest security patches from Adobe and Microsoft.
**Adobe Patches for April 2026**
For April, Adobe released 12 bulletins addressing 61 unique CVEs in Adobe Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, ColdFusion, Bridge, Photoshop, Illustrator, Experience Manager Screens, and the Adobe DNG SDK. Three of the ColdFusion bugs came through the TrendAI ZDI program. For this month, I’m introducing an Adobe table as well. I’d love to get your feedback on whether this is helpful.
| Bulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority |
| --- | --- | --- | --- | --- | --- | --- |
| APSB26-43 | Adobe Acrobat Reader | 1 | Critical | 8.6 | Yes | 1 |
| APSB26-44 | Adobe Acrobat Reader | 2 | Critical | 8.6 | No | 2 |
| APSB26-32 | Adobe InDesign | 9 | Critical | 7.8 | No | 3 |
| APSB26-33 | Adobe InCopy | 2 | Critical | 7.8 | No | 3 |
| APSB26-36 | Adobe FrameMaker | 11 | Critical | 8.6 | No | 3 |
| APSB26-37 | Adobe Connect | 9 | Critical | 9.6 | No | 3 |
| APSB26-38 | Adobe ColdFusion | 7 | Critical | 9.3 | No | 1 |
| APSB26-39 | Adobe Bridge | 6 | Critical | 7.8 | No | 3 |
| APSB26-40 | Adobe Photoshop | 1 | Critical | 7.8 | No

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-32201 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 6.5 | No | Yes | Spoofing |
| CVE-2026-5281 * | Chromium: CVE-2026-5281 Use after free in Dawn | High | N/A | No | Yes | RCE |
| CVE-2026-33825 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP |
| CVE-2026-23666 | .NET Framework Denial of Service Vulnerability | Critical | 7.5 | No | No | DoS |
| CVE-2026-32190 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| CVE-2026-33114 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| CVE-2026-33115 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| CVE-2026-32157 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
| CVE-2026-33826 | Windows Active Directory Remote Code Execution Vulnerability | Critical | 8 | No | No | RCE |
| CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2026-33827 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2026-26171 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2026-32226 | .NET Framework Denial of
No new advisories are being released this month.
I will be in Berlin for the next Patch Tuesday, which will be May 12, and I’ll provide my full thoughts then on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Risk Score: 78
- cvss base: 65.00
- kev bonus: 20.00
- epss bonus: 0.00
- poc bonus: 15.00
- raw before weight: 100.00
- industry weight: 1.56
- freshness factor: 0.50
- days old: 32.00
Path: operational
MITRE ATT&CK Mapping
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1203 Exploitation for Client Execution | Execution | CVE-2026-5281, a use-after-free vulnerability in Chromium's Dawn component, is being actively exploited in the wild to achieve remote code execution via the browser. | high | llm |
| T1068 Exploitation for Privilege Escalation | Privilege Escalation | CVE-2026-33825, a Microsoft Defender Elevation of Privilege vulnerability with a CVSS of 7.8, is publicly known and could be exploited to gain elevated privileges on affected systems. | medium | llm |
| T1566 Phishing | Initial Access | CVE-2026-32201, a Microsoft SharePoint Server Spoofing vulnerability being actively exploited in the wild, could be leveraged to facilitate phishing or credential theft via spoofed SharePoint content. | medium | llm |
| T1190 Exploit Public-Facing Application | Initial Access | CVE-2026-33824 and related vulnerabilities in Microsoft SharePoint and other server-side products could be exploited against publicly accessible applications to gain initial access. | medium | llm |
| T1499 Endpoint Denial of Service | Impact | CVE-2026-23666, a Critical .NET Framework Denial of Service vulnerability with a CVSS of 7.5, could be exploited to disrupt availability of systems running affected .NET Framework versions. | medium | llm |