NIST has announced it will scale back CVE enrichment in the National Vulnerability Database (NVD), prioritizing only high-impact vulnerabilities rather than enriching all CVEs. This follows a 12% federal funding cut in 2024, a talent exodus, and a growing backlog — with CVE volume expected to reach 60,000 records in 2026. Security practitioners warn that many vendors rely on NVD data for patching decisions, meaning some vulnerabilities will get missed. Experts recommend that cyber teams accelerate patching pipelines, build defenses into software proactively, and push for more complete CVE data at the time of filing. Industry coalitions and the private sector are expected to help fill the gap left by NIST's reduced capacity.