April’s Patch Tuesday has revealed several critical vulnerabilities affecting major software products from Adobe, Fortinet, Microsoft, and SAP. Among these, an SQL injection flaw in SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) stands out, potentially allowing attackers to execute arbitrary database commands.
Impact of SAP Vulnerability
The identified vulnerability in SAP’s ABAP program permits low-privileged users to upload files containing arbitrary SQL statements, which could then be executed. This could lead to unauthorized access to sensitive data, manipulation of planning figures, and disruption of business operations. Onapsis noted that such exploitation could result in significant data theft or operational disruption.
Adobe’s Critical Flaws
Adobe has also addressed a critical remote code execution vulnerability in Acrobat Reader (CVE-2026-34621, CVSS score: 8.6), which is currently being exploited in the wild. However, details regarding the extent of the impact, the actors involved, and specific targets remain unclear. Additionally, Adobe patched five critical vulnerabilities in ColdFusion versions 2025 and 2023, which could lead to arbitrary code execution and other severe security issues.
Fortinet Vulnerabilities
Fortinet has released fixes for two critical vulnerabilities in FortiSandbox, both rated CVSS 9.1. The first, CVE-2026-39813, is a path traversal vulnerability that could allow unauthenticated attackers to bypass authentication. The second, CVE-2026-39808, involves an operating system command injection vulnerability that could enable unauthorized code execution. These vulnerabilities were addressed in FortiSandbox versions 4.4.9 and 5.0.6.
Microsoft’s Extensive Updates
Microsoft has addressed a total of 169 security defects, including a spoofing vulnerability in Microsoft SharePoint Server (CVE-2026-32201, CVSS score: 6.5). This vulnerability could allow attackers to view sensitive information and is reportedly being actively exploited. The lack of detailed information regarding the exploitation context raises concerns about potential data theft and the deployment of malicious documents within SharePoint services.
In addition to these major vendors, numerous other companies have issued security updates over the past weeks to address various vulnerabilities, underscoring the importance of timely patching and vigilance in cybersecurity practices.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
