April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html
Publish Date: 2026-04-15 08:37:00
Source Domain: thehackernews.com
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database commands.
“The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed,” Onapsis said in an advisory.
In a potential attack scenario, a bad actor could abuse the affected upload-related functionality to run malicious SQL against BW/BPC data stores, extract sensitive data, and delete or corrupt database content.
“Manipulated planning figures, broken reports, or deleted consolidation data can undermine close processes, executive reporting, and operational planning,” Pathlock said. “In the wrong hands, this issue also creates a credible path to both stealthy data theft and overt business disruption.”
Another security vulnerability that deserves a mention is a critical-severity remote code execution in Adobe Acrobat Reader (CVE-2026-34621, CVSS score: 8.6) that has come under active exploitation in the wild.
That said, there are many unknowns at this stage. It is not clear how many people have been affected by the hacking campaign. Nor is there any information about who is behind the activity, who is being targeted, and what their motives could be.
Also patched by Adobe are five critical flaws in ColdFusion versions 2025 and 2023 that, if successfully exploited, could lead to arbitrary code execution, application denial-of-service, arbitrary file system read, and security feature bypass.
The vulnerabilities are listed below –
- CVE-2026-34619 (CVSS score: 7.7) – A path traversal vulnerability leading to security feature bypass
- CVE-2026-27304 (CVSS…
