NIST has announced it will stop assigning severity scores and enrichment details to lower-priority CVEs in the National Vulnerability Database (NVD), citing a 263% surge in submission volumes. Starting April 15, only vulnerabilities in CISA's Known Exploited Vulnerabilities catalog, those affecting U.S. federal government software, or those involving critical software under Executive Order 14028 will receive full NVD analysis. All CVEs will still be listed, but non-priority ones will carry only the submitting CNA's rating. NIST acknowledges some high-impact CVEs may slip through and offers an email channel for enrichment requests on deprioritized entries.
Table of contents
Related Articles:Sort: