Skip to content

Will any actively exploited CVE be published in 2026 with patch availability lagging public exploitation by over 30 days?

Open·Closes 9mo·Vol 0 credits

Probability

connecting…
Yes50%
Volume: 0 credits

Not enough trades yet to draw a history.

About

Resolves YES if any 2026 CVE on the CISA KEV catalogue has a documented in-the-wild exploitation date that precedes the vendor's first patch availability by more than 30 days.

Resolution criteria

A KEV entry with dateAdded in 2026 whose vendor advisory or third-party analysis (Mandiant, Volexity, watchTowr) documents exploitation more than 30 days before patch GA.

Source
CISA KEV catalogue; vendor advisories; Mandiant / Volexity blogs.
Ambiguity
AMBIGUOUS if the exploitation start date is uncertain by plus or minus 30 days.
n-daykevpatchingexploit-lag

Discussion

Loading comments…