Overview
Microsoft has released security updates addressing 167 flaws as part of the April 2026 Patch Tuesday. This includes two zero-day vulnerabilities, one of which has been previously disclosed and the other has been actively exploited, and eight other vulnerabilities that are marked as critical severity.
CVE-2026-32201 – Microsoft SharePoint Server Spoofing CVSSv3: 6.5 (Medium)
An actively exploited improper input validation vulnerability in Microsoft Office SharePoint that allows unauthorised attackers to perform spoofing over a network. Successful exploitation allows attackers to access sensitive information, modify disclosed information, but they are unable to restrict access to the resource.
Affected Versions:
- Microsoft SharePoint Server Subscription Edition: 16.0.19725.20210
- Microsoft SharePoint Server 2019: 16.0.10417.20114
- Microsoft SharePoint Enterprise Server 2016: 16.0.5548.1003
CVE-2026-32157 – Remote Desktop Client Remote Code Execution CVSSv3: 8.8 (High)
A remote code execution (RCE) vulnerability affecting the Microsoft Remote Desktop Client on Windows. Caused by a use-after-free memory corruption bug in the Remote Desktop Client that lets an unauthorised attacker execute arbitrary code over a network.
Affected Versions: See Microsoft’s security releases below
CVE-2026-33824 – Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution CVSSv3: 9.8 (Critical)
A critical remote code execution (RCE) vulnerability in the Windows Internet Key Exchange (IKE) Service Extensions component (IKEEXT), part of Windows IPsec/IKEv2 networking stack. Caused by a double-free memory corruption error that allows an unauthenticated, remote attacker to execute arbitrary code on a vulnerable Windows system by sending specially crafted network packets.
Affected Versions: See Microsoft’s security releases below
Apple has released emergency security updates for iOS and iPadOS. Four high-severity security patches were included.
CVE-2026-28865 – Authentication Flaw Allowing Network Traffic Interception in Apple Operating Systems CVSSv3: 7.5 (High)
An attacker located on a privileged network was able to monitor or alter traffic passing through impacted Apple devices due to an authentication vulnerability resulting from improper state management. The risk is the inability to enforce authentication, which permits the eavesdropping of otherwise secure connections, exposing private information and possibly opening the door to adversary-in-the-middle (AitM) attacks.
CVE-2026-28876 – Directory Path Parsing Vulnerability Allowing Unintended Sensitive Data Access CVSSv3: 7.5 (High)
An application can read files it shouldn't ordinarily access by getting around its intended sandbox due to a parsing issue in the way directory paths are handled. The vulnerability makes it possible for malicious or hacked software to refer to files outside of its directory, which might reveal sensitive information such as credentials or personal data.
CVE-2026-20687 – Use‑After‑Free Leading to Kernel Memory Write and System Termination in Apple Operating Systems CVSSv3: 7.1 (High)
The issue was found in Apple operating systems and is a use-after-free vulnerability. An object that the still contains references to can be released by application code, and then the freed memory can be used again. This situation can be triggered by a malicious application, which can write arbitrary data to kernel memory and cause the system to unexpectedly shut down.
For affected versions see Apple’s security releases below
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Microsoft – Security Releases (April 2026)
Apple – Security Releases (April 2026)
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.