VulnCheck: State of Exploitation 2026
www.vulncheck.com/blog/stat…

In 2025, VulnCheck identified 884 Known Exploited Vulnerabilities (KEVs) for which evidence of exploitation was observed for the first time. By using the CVE publication date as a proxy for when defenders typically become aware of a vulnerability, the analysis provides insight into how quickly exploitation follows disclosure.

The findings indicate that 28.96 per cent of KEVs in 2025 were exploited on or before the day their CVE was published. This represents an increase from the 23.6 per cent reported in VulnCheck’s 2024 trends in exploitation report, underscoring the continued prevalence of both zero-day and n-day exploitation. The results reinforce the urgency for organizations to act rapidly on newly disclosed vulnerabilities while continuing to reduce long-standing vulnerability backlogs.

Throughout 2025, initial evidence of exploitation was reported by more than 100 unique organizations, including security researchers, cybersecurity vendors, and software suppliers. Attackers continued to prioritize internet-facing and widely deployed technologies, while also opportunistically targeting a long tail of enterprise software, hardware, and emerging technologies, including artificial intelligence.
Edward Kiledjian
@ekiledjian