April 2026 CU for SharePoint Server Subscription Edition is available for download

- - 26 Comments
Important: If your current farm patch level is September 2025 CU, execute the following PowerShell script to correct the folder permissions on the relevant folders otherwise installing the SharePoint fixes will fail:
Fix-SeptemberCU-Permission-Problem.ps1

Alternatively you can also remove the NT Authority\system account from WSS_WPG and IIS_IUSRS local security groups of the SharePoint machines.

For more details check this article: Trending Issue: SharePoint fixes fail to install after installation of September 2025 CU

The product group released the April 2026 Cumulative Update for SharePoint Server Subscription Edition.

Monthly SharePoint Server Subscription edition updates are released as a single unified “uber” package containing both the language independent and language dependent fixes. Language independent and language dependent fixes will no longer be released separately. This is similar to the full server packages released for SharePoint 2013.

The KB article for April 2026 CU will be available at the following location in a couple of hours:

  • KB 5002853 – April 2026 Update for SharePoint Server Subscription Edition
    This is also a security update!

The download for April 2026 CU is available through the following link:

It is irrelevant which language you pick on the drop down in download center. It will always download the same package.

After installing the fix you need to run the SharePoint Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

SharePoint Server Subscription Edition April 2026 CU Build Number: 16.0.19725.20210

Important: To minimize the installation time for SharePoint Server Subscription Edition Fixes, please follow the guidance in the following article: Solving the extended install time for SPSE CUs

Related Links:

26 Comments


    1. Hi Clarky,
      yes – as I have written in the top green box for the quoted Article April CU includes a complete fix for this issue.
      Cheers,
      Stefan

      Reply

  2. Hi Stefan. First, thank you for all your work here. Really appreciate it.
    Would you be able to explain or send me in the right track to understand the fix below from this patch? What is this about? “This update improves ingestion throughput by increasing the hit rate of the cache that’s used during the ingestion process.”

    Reply

    1. I am also interested in this. Thanks.

      Reply

    2. Hi Andre,
      yeah – our KB articles are sometimes not really easy to read.
      This specific fix improves the performance for Hybrid Search ingestion by increasing the ACL cache time from 5 to 60 seconds.
      Cheers,
      Stefan

      Reply

  3. Hi Stefan, we recently applied the February 2026 SharePoint Subscription Edition security update in our production environment. Just noticed that April 2026 update addressing CVE-2026-32201, which is listed as actively exploited. Given it’s listed as actively exploited and in CISA KEV, should this be applied immediately or within a normal patch window? We have dev, staging, prod farms in our environment. Thanks for your help.

    https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    Reply

    1. Hi Abhi,
      sorry – I’m not in a position or allowed to give specific guidance for such security related questions.
      Cheers,
      Stefan

      Reply

  4. Hi, Stefan
    When runing configuration Wizard I’m getting the following error
    Upgrade [SearchAdminDatabase Name=SP_Search] failed.
    Exception: Cannot find the object ‘proc_MSS_GetCrawlErrorOrWarningCounts’, because it does not exist or you do not have permission.
    In the database Sp_Search there are now object ‘proc_MSS_GetCrawlErrorOrWarningCounts’
    The upgrade failed.

    Reply

    1. Hi Stefan – I am also getting similar errors. The proc names are different though – Cannot find the object ‘proc_MSS_DeleteAllAzureDocuments’, because it does not exist or you do not have permission.

      Reply

      1. Hi Nikhil,
        please ensure to open a support case with Microsoft get this investigated.
        Cheers,
        Stefan

        Reply

    2. Hi Rune,
      please ensure to open a support case with Microsoft get this investigated.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan,
        I will do.
        The March 2026 CU installation went well and was installed in March.
        After some investigation, it seems that there are some issues related to upgrading from SharePoint 2016 to SharePoint Subscription Edition (SE).
        I have installed four SharePoint SE farms. Two of them encountered this error. These were migrated with both service applications and content databases.
        The other two were migrated using content databases only. In those environments, I ran into some different issues, which I was able to resolve.
        To bypass this error, I had to run PSConfig.exe and complete the last page of the Configuration Wizard.
        Cheers,
        Rune

        Reply

  5. Hi, Stefan,
    I would like to confirm that the NT Authority\system account needs to be removed from WSS_WPG and IIS_IUSRS local security groups of the SharePoint machines throughout the patching process, even on during the Configuration Wizard part?

    Cheers,
    Justin

    Reply

    1. Hi Justin,
      first of all, this is only required if the current CU is September 2025 CU.
      If you already installed a later patch or if the machine is on a patch level oder than September 2025 CU it is not necessary.
      Second there is a better way to resolve the issue – by executing the following PowerShell script which reverts the problematic folder permissions:
      https://aka.ms/stefangossner/Fix-SeptemberCU-Permission-Problem.ps1
      Cheers,
      Stefan

      Reply

  6. It seems that PSConfiggui does not see intalled binaries in all servers.
    running “Get-SPProduct -Local ” in all servers before running config wizard

    Reply

    1. Hi Antti,
      psconfig and psconfigui rely on the correct information to be in the ServerVersionInformation table in the configruation database.
      If this information was not correctly updated when the fix was installed (e.g. the SQL server was down as it was also patched at this time) running Get-SPProduct -local will help to update the information about the installed patches in the database.
      Cheers,
      Stefan

      Reply

  7. Hello Stefan,
    We regularly follow your blog and have been using it as one of our primary references while planning our next SharePoint Server Subscription Edition and OOS servicing step. We are currently on the July 2025 CU level for both SPSE and OOS, and we are evaluating whether it is reasonable to move directly to the April 2026 CUs for both products rather than stepping through the intervening releases.
    Our main concern is the September 2025 permission-related issues and the servicing changes that followed. Based on your understanding, do you believe a farm that is currently on July 2025 can safely bypass those concerns by moving directly to the April 2026 CU for both SPSE and OOS, or are there still known caveats we should account for before taking that step? Any guidance on whether there are specific prerequisites, validation checks, or companion-service considerations we should test first would be greatly appreciated.

    Reply

    1. Hi Bruce,
      yes – absolutely!
      By directly upgrading from July 2025 CU to April 2026 CU you are avoiding the permission problems from September CU and the upgrade issue from Jan 2026 to March 2026 CU.
      As SharePoint fixes are cumulative there is no reason to install an intermediate fix.
      Cheers,
      Stefan

      Reply

  8. I’ve found out that our SharePoint subscription edition farm seems to go “Upgrade Available” or “Upgrade required” even latest CU is installed correctly. This happens with delay and is not happening in SP2019.
    Contend- and SPDatabases are upgraded fine, this seems to be serviceinstance related.

    When I run:
    Get-SPServiceInstance | Where-Object { $_.NeedsUpgrade -eq $true }
    it lists every servers all service instances.
    Everything seems to work but this causes worries that some damage may happen since there’s so much instances that needs upgrade. And they cannot be upgraded in any way we’ve tried.

    Nothing helps, I’ve deleted and reprovisioned all instances, cleared config cache etc.
    This may relate to issue I commented earlier, that I have to run Get-SPProduct -Local
    to be enable to run config wizard.

    Reply

    1. Hi Antti,

      that may also be, when timer service account does not have appropriate permissions on all databases, it might falsely flag it at “Upgrade needed.” I would check “Review database status” in Central administration, see which db is flagged and then check permissions on SQL side. Check if owstimer account has permission on that db.

      Reply

      1. Hi, account permissions are correct and we’ve made updates for years every month with success. Issue came after April 2026 CU, no changes in environment.
        When I run config wizard, status goes to “no action needed” for 1 day, then again “Upgrade available”.
        Quite mysterious thing.

        Reply

        1. Hi Antti,
          this behavior is normal: when the config wizard runs it marks all databases the upgrader executed against as upgrade complete (no action needed).
          Once a day the health timer job runs which looks at the database content in detail and if it finds an object that is not upgraded it reverts the flag to upgrade required.

          Test-SPContentDatabase should help to isolate the issue.

          Cheers,
          Stefan

          Reply

  9. Good afternoon, Stefan.

    You’ve helped us so much with our SP19 farms and we are standing up our SPSE environments right now. After installing the ISO and configuring the farm, can we directly install the April 2026 CU or is there something that must be installed before. Thank you in advance for your response and all your help.

    Daniel

    Reply

    1. Hi Daniel,
      you can directly install April 2026 CU – even before configuring the farm.
      Cheers,
      Stefan

      Reply

  10. Hi Stefan,
    Since updating from March CU to the April CU, we are seeing an issue with a CAML query that has worked reliably so far.

    We can reproduce the issue on SharePoint 2016 and SharePoint Subscription Edition. (SharePoint 2019 has not been tested yet.)

    The CAML query uses a “max-integer” value in the Where condition:

    4503599627370496

    . . . .

    In the client-browser, the query now fails with the following error:

    Error: Error making HttpClient request in queryable [500] Internal Server Error ::>
    {“error”:{“code”:”-2146232060, Microsoft.SharePoint.SPException”,”message”:{“lang”:”en-US”,”value”:”Exception from HRESULT: 0x80131904″}}}

    The ULS logs show a SQL exception indicating an overflow:

    System.Data.SqlClient.SqlException (0x80131904)
    The conversion of the nvarchar value “4503599627370496” caused an overflow in an int column.

    This behavior appears to have changed with the April CU, because the same query worked before.

    Best regard

    Reply

    1. Hi Rob,
      if you need this functionality, please open a ticket with Microsoft Support.
      Ensure to specify SharePoint Server Subscription Edition as there is no chance to get a fix for SP2016 before it goes out of support on July 14th, 2026.
      Feel free to send me the SR number using “Contact the blog author” at the top right for this blog.
      Cheers,
      Stefan

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.