April 2026 Patch Tuesday Delivers Critical Fixes From SAP, Adobe, Microsoft, and Fortinet

The April 2026 Patch Tuesday cycle brought a heavy round of security updates from multiple major vendors. Microsoft addressed dozens of vulnerabilities across Windows, Office, and Azure components, including several critical remote code execution flaws and at least one zero-day under active exploitation. SAP and Adobe also shipped significant patches targeting their enterprise and creative software stacks.

Fortinet issued fixes for vulnerabilities in its network security appliances, which have been frequent targets for threat actors in recent months. The breadth of this month’s patches underscores the ongoing challenge organizations face in keeping enterprise software stacks current, particularly as attackers increasingly chain lower-severity bugs to achieve critical impact.

Security teams should prioritize the actively exploited vulnerabilities and any flaws affecting internet-facing infrastructure, especially Fortinet appliances and Microsoft Exchange or remote access components, which remain high-value targets for both state-sponsored and financially motivated threat groups.