NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

https://thehackernews.com/2026/04/nist-limits-cve-enrichment-after-263.html

Publish Date: 2026-04-17 03:14:00

Source Domain: thehackernews.com

Ravie Lakshmanan | Apr 17, 2026 | Vulnerability Management

The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions.

“CVEs that do not meet those criteria will still be listed in the NVD but will not automatically be enriched by NIST,” it said. “This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025. We don’t expect this trend to let up anytime soon.”

The prioritization criteria outlined by NIST, which went into effect on April 15, 2026, are as follows:

  • CVEs appearing in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.
  • CVEs for software used within the federal government.
  • CVEs for critical software as defined by Executive Order 14028: this includes software that’s designed to run with elevated privilege or managed privileges, has privileged access to networking or computing resources, controls access to data or operational technology, and operates outside of normal trust boundaries with elevated access. 

Any CVE submission that doesn’t meet these thresholds will be marked as “Not Scheduled.” The idea, NIST said, is to focus on CVEs that have the maximum potential for widespread impact.

“While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories,” it added.

NIST said the CVE submissions during the first three months of 2026 are nearly one-third higher than they were last year, and it’s working faster than ever to enrich the submissions. It also said it enriched nearly 42,000 CVEs in 2025, which was 45% more than any prior year.

In cases where a high-impact CVE has…
