{"id":233425,"date":"2026-04-15T08:37:00","date_gmt":"2026-04-15T12:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/april-patch-tuesday-fixes-critical-flaws-across-sap-adobe-microsoft-fortinet-and-more\/"},"modified":"2026-04-20T13:30:11","modified_gmt":"2026-04-20T17:30:11","slug":"april-patch-tuesday-fixes-critical-flaws-across-sap-adobe-microsoft-fortinet-and-more","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/april-patch-tuesday-fixes-critical-flaws-across-sap-adobe-microsoft-fortinet-and-more\/","title":{"rendered":"April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/april-patch-tuesday-fixes-critical.html\">April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/april-patch-tuesday-fixes-critical.html\">https:\/\/thehackernews.com\/2026\/04\/april-patch-tuesday-fixes-critical.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-15 08:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Apr 15, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Data Breach<\/span><\/p>\n<p>A number\u00a0of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April&#8217;s Patch Tuesday\u00a0releases.<\/p>\n<p>Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse\u00a0(CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database\u00a0commands.<\/p>\n<p>&#8220;The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed,&#8221;\u00a0Onapsis said in an\u00a0advisory.<\/p>\n<p>In a potential attack scenario, a bad actor could abuse the affected upload-related functionality to run malicious SQL against BW\/BPC data stores, extract sensitive data, and delete or corrupt database\u00a0content.<\/p>\n<p>&#8220;Manipulated planning figures, broken reports, or deleted consolidation data can undermine close processes, executive reporting, and operational planning,&#8221;\u00a0Pathlock said. &#8220;In the wrong hands, this issue also creates a credible path to both stealthy data theft and overt business disruption.&#8221;<\/p>\n<p>Another security vulnerability that deserves a mention is a critical-severity remote code execution in Adobe Acrobat Reader\u00a0(CVE-2026-34621, CVSS score: 8.6) that has come under active exploitation in the\u00a0wild.<\/p>\n<p>That said, there are many unknowns at this stage. It\u00a0is not clear how many people have been affected by the hacking campaign. Nor\u00a0is there any information about who is behind the activity, who is being targeted, and what their motives could\u00a0be.<\/p>\n<p>Also patched by Adobe\u00a0are five critical flaws in ColdFusion versions 2025 and\u00a02023 that, if successfully exploited, could lead to\u202farbitrary code execution, application denial-of-service, arbitrary file system read, and security feature\u00a0bypass.<\/p>\n<p>The vulnerabilities are listed below\u00a0&#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-34619<\/strong> (CVSS score: 7.7) &#8211; A path traversal vulnerability leading to security feature bypass<\/li>\n<li><strong>CVE-2026-27304<\/strong> (CVSS&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/april-patch-tuesday-fixes-critical.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More https:\/\/thehackernews.com\/2026\/04\/april-patch-tuesday-fixes-critical.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233426,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj-FBwJYevQ8Ner9ypyp5-H1XIPfa5guhQXC-W4llTZuBI072vjCoxKh9PUexQBZGJIeuZXoBAKboz9xz5Gzd0p1SiT5UME0wd0lTTOS6EIh3nJ6vsAeMzGmT0P38ry2ySiLc-je0e0YAZAPDYmhw3jSfqbExcsQW5nL8syaClAcSfZziU-KPneawQFfo6p\/s1600\/patches.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,27],"class_list":["post-233425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233425"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233425"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233425\/revisions"}],"predecessor-version":[{"id":233427,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233425\/revisions\/233427"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233426"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}