Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw. The number of bugs in each vulnerability category is listed below: When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Mariner, Azure, and Bing flaws that were fixed by Microsoft earlier this month. There were also 80 Microsoft Edge/Chromium flaws that were fixed by Google. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5083769 & KB5082052 cumulative updates and the Windows 10 KB5082200 extended security update. This month's Patch Tuesday fixes two zero-day vulnerabilities, with one publicly disclosed and the other actively exploited in attacks. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. CVE-2026-32201 - Microsoft SharePoint Server Spoofing Vulnerability Microsoft has patched a Microsoft SharePoint Server Spoofing Vulnerability that was exploited in attacks.