CVEs set to hit record high levels in 2026 - BetaNews

CVEs set to hit record high levels in 2026 By Ian Barker Published February 11, 2026 A new report predicts that this year will mark the first time the industry will cross 50,000 published CVEs in a single year. The findings, from global cybersecurity nonprofit The Forum of Incident Response and Security Teams (FIRST), suggest that between 70,000 to 100,000 vulnerabilities are entirely possible in 2026. The wider three-year outlook projects continued growth: 51,018 CVEs (median) in 2027 and 53,289 CVEs (median) in 2028, with upper bounds reaching nearly 193,000 by 2028. "The question organizations need to ask right now is: are my people and processes ready to handle this volume, and am I prioritizing the vulnerabilities that actually put my data at risk? Our forecast allows defenders to stop reacting to every new CVE and start making strategic decisions about where to focus limited resources before attackers exploit the gaps," says Éireann Leverett, FIRST liaison and lead member of FIRST's Vulnerability Forecasting Team. The forecast serves as a critical planning tool for security teams across the industry. Whether organizations are planning patching capacity, writing coordinated vulnerability disclosure reports, or developing detection signatures for SIEM, EDR, or IDS platforms, understanding the expected volume of vulnerabilities enables better resource allocation and strategic decision-making. "Much like a city planner considering population growth before commissioning new infrastructure, security teams benefit from understanding the likely volume and shape of vulnerabilities they will need to process," Leverett adds. "The difference between preparing for 30,000 vulnerabilities and 100,000 is not merely operational, it’s strategic." The report advises organizations to look at whether their current people and processes can handle 50,000+ CVEs. They need to focus on vulnerabilities that pose the greatest risk to their specific environment, not just those with the highest CVSS scores. They should also build contingency plans for higher-volume scenarios and use vulnerability forecasts alongside asset inventories to make vendor- and product-specific preparations. “No company can solve vulnerabilities and cybersecurity in isolation. The organizations that recover fastest are the ones with trusted networks already in place, sharing threat intelligence and coordinating response before a crisis hits," says Chris Gibson, CEO of FIRST. You can read more on the FIRST blog. Image credit: weerapat/depositphotos.com TAGS CVECybersecurityRisk ManagementVulnerabilities NO COMMENTS Got News? Contact Us Recent Headlines FBI admits buying Americans’ location tracking data Pentesting is prioritized but only 32 percent of attack surfaces are tested When agentic AI meets ad fraud -- how bots are breaking digital marketing [Q&A] Microsoft confirms that the KB5079473 update is breaking app sign-ins OpenAI is buying Astral to turn Codex into more than just a coding tool The rise of AI search is creating 'invisible visits' across the web Opera GX arrives on Linux with built-in ad blocking and VPN Most Commented Stories Microsoft warns a recent Windows 11 renders the C: drive inaccessible for some users 0 Comments The Meta AI tab lands in WhatsApp for some users 0 Comments Guest chats mean you don’t need a WhatsApp account to talk 0 Comments Instagram is killing off end-to-end encryption for messaging 0 Comments Spotify will finally let you tweak its recommendation algorithm 0 Comments How AI and PLM can help close the gap between product and commercial teams [Q&A] 0 Comments Fake job applicant exposes North Korea’s global remote worker scheme 0 Comments Businesses struggle to identify AI agent traffic 0 Comments Why Trust Us At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape. Show more We don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape. NEWS AI Technology Software Hardware About Us © 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy | Terms of Service | Cookie Policy | Contact Us | Sitemap