April Patch Tuesday: Critical Security Updates Released

On April 11, 2026, several companies, including SAP, Adobe, Microsoft, and Fortinet, released security-related updates to address critical vulnerabilities in their products. These measures are part of the monthly Patch Tuesday, aimed at enhancing the security of software applications and preventing potential attacks. The most severe vulnerability affects SAP Business Planning and Consolidation as well as SAP Business Warehouse. The vulnerability identified as CVE-2026-27681 has a CVSS score of 9.9 and allows attackers to execute arbitrary database commands through SQL injection.

This could lead to complete data loss or the compromise of sensitive information. Adobe has also addressed several critical security vulnerabilities in its products. Among the fixed vulnerabilities is one that allows attackers to execute arbitrary code when a user opens a specially crafted file. This vulnerability particularly affects Adobe Acrobat and Adobe Reader. Microsoft has released updates this month for a variety of its products, including Windows 11 and Office 2024.

One of the critical vulnerabilities that have been fixed concerns Windows authentication, which could allow attackers to gain unauthorized access to systems. Microsoft recommends that all users install the updates promptly to protect their systems. Fortinet has also provided security updates to close several vulnerabilities in its firewall products. One of the critical gaps could allow attackers to take control of affected systems. Fortinet has urged affected customers to implement the updates as soon as possible.

The release of these updates comes at a time when cyberattacks on businesses and organizations worldwide are increasing. Security researchers warn that attackers often specifically target unprotected systems to exploit vulnerabilities. The rapid response of companies to these threats is crucial for protecting sensitive data. IT security experts advise businesses to conduct regular security assessments and ensure that all software applications are up to date. Implementing security updates should be part of a comprehensive security strategy to prevent potential attacks.

The vulnerability CVE-2026-27681 is estimated by SAP to affect several thousand companies worldwide that rely on the affected products. The urgency of the updates is underscored by the high number of potential target systems. The security updates are available immediately and can be downloaded through the respective update mechanisms of the software products. Companies should ensure that all relevant systems are updated to minimize security risks. The next scheduled release of security updates by Microsoft and other companies is set for May 11, 2026, giving businesses the opportunity to secure their systems by then.