"NIST stated that CVEs appearing in the CISA's Known Exploited Vulnerabilities catalog, software used within the federal government, and critical software will be prioritized for enrichment. This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025."
"CVEs that do not meet the new criteria will still be listed in the NVD but will not automatically be enriched by NIST. The goal is to focus on CVEs with the maximum potential for widespread impact."
"NIST reported that CVE submissions during the first three months of 2026 are nearly one-third higher than the previous year, indicating a growing trend in vulnerability reporting."
NIST announced changes to its handling of cybersecurity vulnerabilities, stating it will enrich only those CVEs that meet specific criteria due to a 263% increase in submissions from 2020 to 2025. CVEs will be prioritized based on their potential impact, including those in the CISA's KEV catalog, software used by the federal government, and critical software as defined by Executive Order 14028. CVEs not meeting these criteria will be marked as 'Not Scheduled.' NIST aims to focus on vulnerabilities with the highest systemic risk.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]