Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Monthly Patch

April 2026 Monthly Patch

15 April 2026

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://msrc.microsoft.com/update-guide/en-us/releaseNote/2026-Apr


Critical Vulnerabilities

CVE Number

CVE Name

Base Score

Reference

CVE-2026-35431

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

10.0

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35431

CVE-2026-33819

Microsoft Bing Remote Code Execution Vulnerability

10.0

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33819

CVE-2026-40175

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

10.0

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40175

CVE-2026-21515

Azure IoT Central Elevation of Privilege Vulnerability

9.9

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-21515

CVE-2026-33824

Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

9.8

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33824

CVE-2026-27143

Missing bound checks can lead to memory corruption in safe Go in cmd/compile

9.8

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-27143

CVE-2026-27140

Code execution vulnerability in SWIG code generation in cmd/go

9.8

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-27140

CVE-2026-24303

Microsoft Partner Center Elevation of Privilege Vulnerability

9.6

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24303

CVE-2026-32210

Microsoft Dynamics 365 (online) Spoofing Vulnerability

9.3

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32210

CVE-2026-33102

Microsoft 365 Copilot Elevation of Privilege Vulnerability

9.3

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33102

CVE-2026-32157

Remote Desktop Client Remote Code Execution Vulnerability

8.8

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32157

CVE-2026-26150

Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

8.6

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-26150

CVE-2026-32173

Azure SRE Agent Information Disclosure Vulnerability

8.6

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32173

CVE-2026-33115

Microsoft Word Remote Code Execution Vulnerability

8.4

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33115

CVE-2026-33114

Microsoft Word Remote Code Execution Vulnerability

8.4

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33114

CVE-2026-32190

Microsoft Office Remote Code Execution Vulnerability

8.4

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32190

CVE-2026-33827

Windows TCP/IP Remote Code Execution Vulnerability

8.1

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33827

CVE-2026-33826

Windows Active Directory Remote Code Execution Vulnerability

8.0

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33826

CVE-2026-32172

Microsoft Power Apps Remote Code Execution Vulnerability

8.0

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32172

CVE-2026-23666

.NET Framework Denial of Service Vulnerability

7.5

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-23666

CVE-2026-5194

wolfSSL ECDSA Certificate Verification

TBD

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-5194

CVE-2025-62718

Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF

TBD

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62718

Back to top