Vulnerability Trends Summary for Q1 2026.

Overview.

q1 2026 saw a number of high-risk vulnerabilities reported with either public disclosures or confirmed exploits. an increase in remote code execution and authentication bypass family vulnerabilities was observed. Early publication of PoCs accelerated threat propagation. the potential for chain attacks through the perimeter and middle layers expanded.

Statistical Summary.

there were a total of 14,462 new CVEs in the quarter, an increase of approximately 20.4% year-over-year. CVSS 9.0 or higher high-risk vulnerabilities totaled 1,426, accounting for approximately 9.8% of the total. medium and high risk vulnerabilities accounted for approximately 45% of the total. There were 71 additions to CISA KEV, of which 23 were CVSS 9.0 or higher, accounting for approximately 32.4%.

Major types and impacts.

Vulnerabilities related to access control and input validation were frequently reported, including CWE-79 (XSS), CWE-200 (information disclosure), CWE-287 (authentication bypass), and CWE-22 (path traversal). CWE-94 (Code Injection) was highly prevalent in KEV registrations. vulnerabilities in network edge equipment and core infrastructure significantly increased the practical risk by allowing broad system access with initial penetration.

Response.

the report recommends prioritizing patching, scanning externally exposed assets, and developing mitigation strategies as near-term responses. The vulnerabilities listed in KEV are being exploited and should be prioritized.