CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

April 25, 2026

During Operation Lunar Peek in November 2024, attackers gained unauthenticated remote admin access — and eventual root — across more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks scored CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0. NVD scored the same pair 9.8 and 7.2 under CVSS v3.1. Two scoring systems. Two different answers for the same vulnerabilities. The 6.9 fell below patch thresholds. Admin access appeared required. The 9.3 sat queued for maintenance. Segmentation would hold.

“Adversaries circumvent [severity ratings] by chaining vulnerabilities together,” Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, told VentureBeat in an exclusive interview on April 22, 2026. On the triage logic that missed the chain: “They just had amnesia from 30 seconds earlier.”

Both CVEs sit on the CISA Known Exploited Vulnerabilities catalog. Neither score flagged the kill chain. The triage logic that consumed those scores treated each CVE as an isolated event, and so did the SLA dashboards and the board reports those dashboards feed.

CVSS did exactly what it was designed to do: score one vulnerability at a time. The problem is that adversaries don’t attack one vulnerability at a time.

“CVSS base scores are theoretical measures of severity that ignore real-world context,” wrote Peter Chronis, former CISO of Paramount and a security leader with Fortune 100 experience. By moving past CVSS-first prioritization at Paramount, Chronis reported reducing actionable critical and high-risk vulnerabilities by 90%. Chris Gibson, executive director of FIRST, the organization that maintains CVSS, has been equally direct: using CVSS base scores alone for prioritization is “the least apt and accurate” method, Gibson told The Register. FIRST’s own EPSS and CISA’s SSVC decision model address part of this gap by adding exploitation probability and decision-tree logic.

Five triage failure classes CVSS was never designed to catch

In 2025, 48,185 CVEs were disclosed, a 20.6% year-over-year increase. Jerry Gamblin, principal engineer at Cisco Threat Detection and Response, projects 70,135 for 2026. The infrastructure behind the scores is buckling under that weight. NIST announced on April 15 that CVE submissions have grown 263% since 2020, and the NVD will now prioritize enrichment for KEV and federal critical software only.

1. Chained CVEs that look safe until they aren’t

The Palo Alto pair from Operation Lunar Peek is the textbook case. CVE-2024-0012 bypassed authentication. CVE-2024-9474 escalated privileges. Scored separately under both CVSS v4.0 and v3.1, the escalation flaw filtered below most enterprise patch thresholds because admin access appeared required. The authentication bypass upstream eliminated that prerequisite entirely. Neither score communicated the compound effect.

Meyers described the operational psychology: teams assessed each CVE independently, deprioritized the lower score, and queued the higher one for maintenance.

2. Nation-state adversaries who weaponize patches within days

The CrowdStrike 2026 Global Threat Report documented a 42% year-over-year increase in vulnerabilities exploited as zero-days before public disclosure. Average breakout time across observed intrusions: 29 minutes. Fastest observed breakout: 27 seconds. China-nexus adversaries weaponized newly patched vulnerabilities within two to six days of disclosure.

“Before it was Patch Tuesday once a month. Now it’s patch every day, all the time. That’s what this new world looks like,” said Daniel Bernard, Chief Business Officer at CrowdStrike. A KEV addition treated as a routine queue item on Tuesday becomes an active exploitation window by Thursday.

3. Stockpiled CVEs that nation-state actors hold for years

Salt Typhoon accessed senior U.S. political figures’ communications during the presidential transition by chaining CVE-2023-20198 with CVE-2023-20273 on internet-facing Cisco devices, a privilege escalation pair patched in October 2023 and still unapplied more than a year later. Compromised credentials provided a parallel access vector. The patches existed. Neither was applied.

Sixty-seven percent of vulnerabilities exploited by China-nexus adversaries in 2025 were remote code execution flaws providing immediate system access, according to the CrowdStrike 2026 Global Threat Report. CVSS doesn’t adjust priority based on how long a CVE has gone unpatched. No board metric tracks aging KEV exposure.

That silence is the vulnerability.

4. Identity gaps that never enter the scoring system

A 2023 help desk social engineering call against a major enterprise produced more than $100 million in losses. No CVE was assigned. No CVSS score existed. No patch pipeline entry was created. The vulnerability was a human process gap in identity verification, sitting entirely outside the scoring system’s aperture.

“A professional needs a zero day if all you have to do is call the help desk and say I forgot my password,” Meyers said.

Agentic AI systems now carry their own identity credentials, API tokens, and permission scopes, operating outside traditional vulnerability management governance. Merritt Baer, CSO at Enkrypt AI, has argued on record that identity-surface controls are vulnerability equivalents belonging in the same reporting pipeline as software CVEs. In most organizations, help desk authentication gaps and agentic AI credential inventories live in a separate governance silo. In practice, nobody’s governance.

5. AI-accelerated discovery that breaks pipeline capacity

Anthropic’s Claude Mythos Preview demonstrated autonomous vulnerability discovery, finding a 27-year-old signed integer overflow in OpenBSD’s TCP SACK implementation across roughly 1,000 scaffold runs at a total compute cost under $20,000. Meyers offered a thought-experiment projection in the exclusive interview with VentureBeat: if frontier AI drives a 10x volume increase, the result is roughly 480,000 CVEs annually. Pipelines built for 48,000 break at 70,000 and collapse at 480,000. NVD enrichment is already gone for non-KEV submissions.

“If the adversary is now able to find vulnerabilities faster than the defenders or the enterprise, that’s a huge problem, because those vulnerabilities become exploits,” said Daniel Bernard, Chief Business Officer at CrowdStrike.

CrowdStrike on Thursday launched Project QuiltWorks, a remediation coalition with Accenture, EY, IBM Cybersecurity Services, Kroll, and OpenAI formed to address the vulnerability volume that frontier AI models are now producing in production code. When five major firms build a coalition around a pipeline problem, no single organization’s patch workflow can keep pace.

Security director action plan

The five failure classes above map to five specific actions.

Run a chain-dependency audit on every KEV CVE in the environment this month. Flag any co-resident CVE scored 5.0 or above, the threshold where privilege escalation and lateral movement capabilities typically appear in CVSS vectors. Any pair chaining authentication bypass to privilege escalation gets triaged as critical regardless of individual scores.

Compress KEV-to-patch SLAs to 72 hours for internet-facing systems. The CrowdStrike 2026 Global Threat Report breakout data, 29-minute average and 27-second fastest, makes weekly patch windows indefensible in a board presentation.

Build a monthly KEV aging report for the board. Every unpatched KEV CVE, days since disclosure, days since patch availability, and owner. Salt Typhoon exploited a Cisco CVE patched 14 months earlier because no escalation path existed for aging exposure.

Add identity-surface controls to the vulnerability reporting pipeline. Help desk authentication gaps and agentic AI credential inventories belong in the same SLA framework as software CVEs. If they sit in a separate governance silo, they sit in nobody’s governance.

Stress-test pipeline capacity at 1.5x and 10x current CVE volume. Gamblin projects 70,135 for 2026. Meyers’s thought-experiment projection: frontier AI could push annual volume past 480,000. Present the capacity gap to the CFO before the next budget cycle, not after the breach that proves the gap existed.
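The chain-dependency audit and the KEV aging report from the action plan, as an added example that is not part of the original article: a small Python triage pass over a constructed inventory. The `auth_bypass`/`priv_esc` capability tags, the host names, the disclosure date and the CVE-2099-0001 placeholder are assumptions; only the two Palo Alto CVE ids and their CVSS v4.0 scores come from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

CHAIN_THRESHOLD = 5.0  # co-resident score floor named in the action plan
AS_OF = date(2025, 1, 1)  # constructed report date for the aging rows

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float
    capabilities: frozenset  # e.g. {"auth_bypass"}; assumed to be filled from your own enrichment
    kev: bool = False
    disclosed: "date | None" = None
    patched: bool = False

def chain_audit(findings):
    """For every KEV CVE, flag co-resident CVEs scored >= 5.0 for review and
    escalate to 'critical' when a KEV auth bypass sits beside a privilege escalation."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f.host].append(f)
    flagged = {}  # (host, cve_a, cve_b) -> "critical" | "review"
    for host, items in by_host.items():
        for kev in (f for f in items if f.kev):
            for other in items:
                if other.cve == kev.cve or other.cvss < CHAIN_THRESHOLD:
                    continue
                key = (host,) + tuple(sorted((kev.cve, other.cve)))
                if "auth_bypass" in kev.capabilities and "priv_esc" in other.capabilities:
                    flagged[key] = "critical"  # the chain wins regardless of individual scores
                else:
                    flagged.setdefault(key, "review")
    return flagged

def kev_aging(findings, today):
    """Rows for the monthly board report: every unpatched KEV CVE with days since disclosure."""
    rows = [(f.host, f.cve, (today - f.disclosed).days)
            for f in findings if f.kev and not f.patched and f.disclosed]
    return sorted(rows, key=lambda r: -r[2])

# Constructed sample inventory: the Lunar Peek pair on one firewall (article scores), a low-scoring
# non-KEV filler CVE with a placeholder id, and a second host that only carries the patched escalation flaw.
SAMPLE = [
    Finding("fw-edge-01", "CVE-2024-0012", 9.3, frozenset({"auth_bypass"}), kev=True, disclosed=date(2024, 11, 1)),
    Finding("fw-edge-01", "CVE-2024-9474", 6.9, frozenset({"priv_esc"}), kev=True, disclosed=date(2024, 11, 1)),
    Finding("fw-edge-01", "CVE-2099-0001", 4.0, frozenset()),
    Finding("fw-edge-02", "CVE-2024-9474", 6.9, frozenset({"priv_esc"}), kev=True, disclosed=date(2024, 11, 1), patched=True),
]
```

On the sample, the 6.9 escalation flaw is raised to critical only because the 9.3 bypass is co-resident on the same host; the host that carries it alone produces no chain finding.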
