Patch Tuesday in July 2026 delivers another wave of critical security updates. This month’s release is particularly notable due to multiple actively exploited zero-day vulnerabilities addressed by Microsoft, alongside critical fixes for SAP environments and enterprise infrastructure products.
Microsoft: Three Zero-Days Resolved
Microsoft has released security updates for Windows 10, Windows 11, and supported Windows Server editions. The most significant issues this month include three patched zero-day vulnerabilities:
- CVE-2026-56155 – Active Directory Federation Services Elevation of Privilege Vulnerability
- CVE-2026-56164 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
- CVE-2026-50661 – Windows BitLocker Security Feature Bypass Vulnerability
These vulnerabilities affect core enterprise infrastructure components. Of particular concern are the privilege escalation flaws impacting Active Directory Federation Services and SharePoint environments, as well as the BitLocker security feature bypass that could weaken data protection mechanisms. A full list of the affected products can be found in the Microsoft Update Guide.
SAP & Enterprise Infrastructure: Critical Fixes for Business Applications
SAP has also published several critical security updates this month. Organizations should prioritize the following vulnerabilities:
- CVE-2026-44747 – Memory Corruption Vulnerability in SAP NetWeaver Application Server ABAP
- CVE-2026-27690 – HTTP Request Smuggling in SAP Approuter
- CVE-2026-44761 – Insecure Sample Credentials in SAP Commerce Cloud
These vulnerabilities affect key SAP components and may significantly impact the security and availability of business-critical applications depending on system configuration and exposure. SAP provides further details in the latest security notes.
Additional vendors releasing security updates include:
- Adobe: Security updates for multiple products, including a fix for the ColdFusion vulnerability CVE-2026-48282
- Cisco: Security updates for several products, including a Remote Code Execution vulnerability affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC)
- Ivanti: Security updates for Ivanti Xtraction
- Fortinet: Security updates for multiple products
- Broadcom: Security update for VMware Avi Load Balancer
Background: What Is Patch Tuesday?
Patch Tuesday refers to the second Tuesday of each month, when Microsoft publishes bundled security updates for its software products. This established release cycle helps organizations and IT administrators plan and deploy updates more efficiently, ensuring systems are protected against known threats in a timely manner.
More articles in this subject area
Discover exciting further topics and let the codecentric world inspire you.
Blog author
Sarah
Do you still have questions? Just send me a message.
Do you still have questions? Just send me a message.