""At this pace, 2026 is on track to affirm that 1,000+ Patch Tuesday CVEs annually is the norm," Satnam Narang, senior staff research engineer at Tenable, said."
""Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network," Microsoft said in an advisory."
""Elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April.""
Microsoft released updates for 169 security vulnerabilities, with 157 rated Important and eight rated Critical. The vulnerabilities include privilege escalation, information disclosure, and remote code execution. Among the flaws are four non-Microsoft CVEs affecting AMD, Node.js, Windows Secure Boot, and Git for Windows. This release is the second largest Patch Tuesday, following a record in October 2025. Elevation of privilege bugs dominate the recent patches, while remote code execution vulnerabilities have decreased significantly. One vulnerability, CVE-2026-32201, is actively exploited and affects Microsoft SharePoint Server.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]