securityonline.info 7/11/2026, 4:10:42 AM · external

Microsoft Tops CISA KEV List as Critical Flaws Surge in Q2 2026

Microsoft Tops CISA KEV List as Critical Flaws Surge in Q2 2026
CyberSIXT Evidence Panel
Primary Source cisa.gov

IN Q2 2026, 75 vulnerabilities were added to the CISA's Known Exploited Vulnerabilities (KEV) catalog, marking a 5.6% increase from the previous quarter. Notably, 21 of these vulnerabilities had a critical CVSS score of 9.0 or higher, indicating high severity. Microsoft was the most targeted vendor with 15 exploited CVEs, followed by Cisco with 7.

The average time between CVE publication and exploitation was 1,072 days, skewed by old vulnerabilities; nonetheless, 22% were exploited within just 7 days of publication. The report highlights a need for urgent patching strategies, as many vulnerabilities are weaponized quickly, presenting significant risks.

View Primary Source Via securityonline.info

Article by CyberSIXT