Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
NIST Adjusts CVE Handling Amid Rising Submissions

NIST Adjusts CVE Handling Amid Rising Submissions

Posted on April 17, 2026 By CWS

The National Institute of Standards and Technology (NIST) has revised its approach to handling cybersecurity vulnerabilities listed in its National Vulnerability Database (NVD). This change comes in response to a significant increase in vulnerability submissions, which have surged by 263% from 2020 to 2025. Under the new guidelines, only vulnerabilities that meet specific criteria will be enriched by NIST.

New Criteria for CVE Enrichment

As of April 15, 2026, NIST has established a set of criteria for prioritizing CVE enrichment. Vulnerabilities included in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, those used within the federal government, and critical software vulnerabilities as defined by Executive Order 14028 are prioritized. The goal of these criteria is to focus enrichment efforts on vulnerabilities with the greatest potential for widespread impact.

Vulnerabilities that do not meet these criteria will be categorized as “Not Scheduled” for enrichment, although they will still be listed in the NVD. This decision reflects a need to manage resources effectively amidst a growing volume of vulnerabilities requiring attention.

Implications for Security Research

NIST’s announcement highlights the challenges posed by the increasing volume of vulnerabilities. In the first quarter of 2026 alone, submissions were nearly a third higher than the same period last year. Despite these challenges, NIST managed to enrich approximately 42,000 CVEs in 2025, marking a 45% increase compared to previous years.

Security researchers and organizations relying on NIST as a primary source for CVE data may need to adjust their strategies. While high-impact CVEs that are initially unscheduled can be requested for enrichment via email, the new approach prioritizes vulnerabilities that pose systemic risks over those with isolated impacts.

Future Outlook in Cybersecurity Management

The changes instituted by NIST reflect a broader shift towards a risk-based approach in vulnerability management. Caitlin Condon from VulnCheck emphasized the need for distributed and machine-speed solutions to address today’s complex threat landscape. Additionally, David Lindner of Contrast Security noted that organizations must now focus more on actionable intelligence rather than sheer volume of data.

As the cybersecurity field evolves, entities must adapt to a proactive risk management strategy. By concentrating on the most critical vulnerabilities and leveraging threat intelligence, the industry can enhance its resilience against cyber threats. This approach not only aligns with current technological advancements but also addresses the interconnected nature of global cybersecurity challenges.

The Hacker News Tags:CISA, CVE, CVE enrichment, Cybersecurity, NIST, risk management, security research, threat intelligence, vulnerability database, vulnerability management

Post navigation

Previous Post: Windows 11 Updates May Trigger BitLocker Recovery
Next Post: Cursor AI Flaw Endangers Developer Systems

Related Posts

PraisonAI Security Flaw Exploited Within Hours PraisonAI Security Flaw Exploited Within Hours The Hacker News
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts The Hacker News
Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks The Hacker News
Kimsuky Expands Cyber Arsenal with New Techniques Kimsuky Expands Cyber Arsenal with New Techniques The Hacker News
Microsoft Addresses Defender Exploit, Patch in Progress Microsoft Addresses Defender Exploit, Patch in Progress The Hacker News
Hackers Jailed for £29M TfL Cyber Attack Hackers Jailed for £29M TfL Cyber Attack The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical wp2shell RCE Vulnerability Threatens WordPress Sites
  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical wp2shell RCE Vulnerability Threatens WordPress Sites
  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark