Auto-CTI
KEV MEDIUM

The April 2026 Security Update Review

Zero Day Initiative - Blog

Key metrics

CVSS: 6.5
EPSS: 57%
KEV deadline: 28 April 2026

Affected versions

sharepoint server, sharepoint server 2016, sharepoint server 2019

Key Insight

This is a Patch Tuesday roundup covering Adobe and Microsoft security updates relevant to the company's tech stack (Microsoft Windows, Microsoft Defender, Adobe Acrobat Reader, Adobe Creative Cloud, SQL Server), but it is a background aggregation article without an active threat campaign or nation-state implications.

Description

The April 2026 Patch Tuesday comprises 12 Adobe bulletins covering 61 CVEs in Acrobat Reader, InDesign, Photoshop and other products, as well as numerous Microsoft patches for Windows, SQL Server and other components. Several vulnerabilities are being actively exploited, particularly in Adobe Reader, with elevation-of-privilege bugs predominating. The vulnerabilities allow local code execution with elevated privileges, SQL privilege escalation and potential system crashes.

Risk Score

62
cvss base: 65.00
kev bonus: 20.00
epss bonus: 10.00
poc bonus: 15.00
raw before weight: 110.00
industry weight: 1.21
freshness factor: 0.50
days old: 47.00
vendor mismatch penalty: 0.00
consensus penalty: -5.00

Path: operational

MITRE ATT&CK Mapping

5 TTPs

Procedure details

T1068 Exploitation for Privilege Escalation
Tactic: Privilege Escalation
Procedure: Multiple Elevation of Privilege vulnerabilities patched in April 2026, including bugs in Windows kernel, afd.sys, Desktop Windows Manager, SQL Server, and UPnP, allowing local attackers to gain SYSTEM-level, administrative, or SQL sysadmin privileges.
Conf.: high
Source: llm

T1203 Exploitation for Client Execution
Tactic: Execution
Procedure: CVE in Adobe Acrobat Reader is actively being exploited in the wild, requiring urgent patching as it is under active attack at the time of release.
Conf.: high
Source: llm

T1211 Exploitation for Defense Evasion
Tactic: Defense Evasion
Procedure: Several vulnerabilities in Windows Push Notifications, AFD for Winsock, Management Services, and User Interface Core allow sandbox escapes, enabling attackers to break out of restricted execution environments.
Conf.: high
Source: llm

T1190 Exploit Public-Facing Application
Tactic: Initial Access
Procedure: ColdFusion vulnerabilities with a deployment priority of 1 are patched, indicating critical remotely exploitable bugs in the publicly accessible ColdFusion web application platform.
Conf.: medium
Source: llm

T1499 Endpoint Denial of Service
Tactic: Impact
Procedure: A tampering vulnerability in WSUS allows an attacker to send specially crafted packets that affect service availability, resulting in Denial of Service; additionally, bugs in afd.sys and Desktop Windows Manager could crash affected systems.
Conf.: medium
Source: llm