NIST is changing its approach to handling vulnerabilities in the NVD: the agency will no longer automatically supplement all CVE entries with analytical data

Vulnerabilities from the CISA KEV catalog, CVEs affecting software used by U.S. federal agencies, and vulnerabilities involving critical software will remain the priority. The reason is the sharp rise in the number of CVEs: the flow of new entries is already significantly exceeding the capacity for manual processing.

🔗 More details: https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth