Popular searches

A contribution by

security brand
//

Three Zero-Days and Critical Enterprise Vulnerabilities: Patch Tuesday July 2026

14.7.2026 | 2 minutes reading time

Patch Tuesday in July 2026 delivers another wave of critical security updates. This month’s release is particularly notable due to multiple actively exploited zero-day vulnerabilities addressed by Microsoft, alongside critical fixes for SAP environments and enterprise infrastructure products.

Microsoft: Three Zero-Days Resolved

Microsoft has released security updates for Windows 10, Windows 11, and supported Windows Server editions. The most significant issues this month include three patched zero-day vulnerabilities:

  • CVE-2026-56155 – Active Directory Federation Services Elevation of Privilege Vulnerability
  • CVE-2026-56164 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
  • CVE-2026-50661 – Windows BitLocker Security Feature Bypass Vulnerability

These vulnerabilities affect core enterprise infrastructure components. Of particular concern are the privilege escalation flaws impacting Active Directory Federation Services and SharePoint environments, as well as the BitLocker security feature bypass that could weaken data protection mechanisms. A full list of the affected products can be found in the Microsoft Update Guide.

SAP & Enterprise Infrastructure: Critical Fixes for Business Applications

SAP has also published several critical security updates this month. Organizations should prioritize the following vulnerabilities:

  • CVE-2026-44747 – Memory Corruption Vulnerability in SAP NetWeaver Application Server ABAP
  • CVE-2026-27690 – HTTP Request Smuggling in SAP Approuter
  • CVE-2026-44761 – Insecure Sample Credentials in SAP Commerce Cloud

These vulnerabilities affect key SAP components and may significantly impact the security and availability of business-critical applications depending on system configuration and exposure. SAP provides further details in the latest security notes.

Additional vendors releasing security updates include:

  • Adobe: Security updates for multiple products, including a fix for the ColdFusion vulnerability CVE-2026-48282
  • Cisco: Security updates for several products, including a Remote Code Execution vulnerability affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC)
  • Ivanti: Security updates for Ivanti Xtraction
  • Fortinet: Security updates for multiple products
  • Broadcom: Security update for VMware Avi Load Balancer

Background: What Is Patch Tuesday?

Patch Tuesday refers to the second Tuesday of each month, when Microsoft publishes bundled security updates for its software products. This established release cycle helps organizations and IT administrators plan and deploy updates more efficiently, ensuring systems are protected against known threats in a timely manner.

share post

//

More articles in this subject area

Discover exciting further topics and let the codecentric world inspire you.