Microsoft’s April 2026 Patch Tuesday set a volume record at 206 CVEs, including 39 Critical-rated and three publicly disclosed zero-days. Specific CVE identifiers, affected product versions, and zero-day technical details were not confirmed from available source data and must be obtained from the MSRC April 2026 release page. The presence of publicly disclosed zero-days means exploit code or technical details were available before fixes shipped, giving threat actors a head start on weaponization.