    Quantifying 2026 Routinely Targeted Vulnerabilities (So Far) | Blog

    By admin, May 21, 2026 (11 min read)

    VulnCheck identified 25 CVEs disclosed in 2026 that have been routinely targeted by adversaries and researchers so far this year, drawing from a global body of exploit code and exploitation data.

    Enterprise network edge technologies continue to be hard-hit by state-sponsored and sophisticated adversaries, while security researchers have prioritized vulnerabilities in AI platforms and open-source code bases.

    VulnCheck has observed a 59% increase in new KEVs when compared with the same period in 2025.

    In February, VulnCheck introduced our 2025 Routinely Targeted Vulnerabilities list, a compilation of CVEs researched and exploited by a range of threat actors in 2025. Today, we’re releasing a list of 2026 vulnerabilities that our analysts have determined qualify for “Routinely Targeted” status based on a combination of threat actor, ransomware, and botnet targeting, along with public exploit density and breadth of in-the-wild exploitation evidence.

    VulnCheck data captures risk and threat indicators across the entire vulnerability lifecycle, drawing on 500+ data sources to track exploit code maturity and validity, evidence of use in the wild, and threat actor attribution and tooling. VulnCheck’s Canary Intelligence network also detects CVE-based and pre-CVE attacks against real vulnerable software deployments, which gives us insight into attacker behavior patterns and payload variants.

    The following vulnerabilities have been disclosed and exploited in the wild in 2026, with one exception: SmarterTools SmarterMail CVE-2025-52691 was disclosed in late December 2025. Threat actor counts also include unattributed activity: All unattributed activity collectively is counted as one (1) threat actor instance in our calculations. General country-level attribution (e.g., Russia, China) is also collectively tracked as one (1) threat actor instance for any given CVE (per country).
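The counting rule in the paragraph above (named groups count individually, country-level attribution collapses to one instance per country, and all unattributed activity collapses to a single instance) is easy to get wrong when aggregating reports by hand. The following Python is an added example, not VulnCheck's code: it applies those three rules to a constructed set of attribution records. The record layout, the function names and the sample reports are assumptions; the sample is chosen so the totals land on the table's values for the two CVEs used, but the actual reporting behind those rows is not on the page.

```python
from collections import defaultdict

# Constructed sample attribution records (illustrative only, not VulnCheck's
# underlying data). Each record is one report tying a CVE to an attribution:
# a named group (with its country), a bare country-level attribution, or
# unattributed activity (actor and country both None).
SAMPLE_ATTRIBUTIONS = [
    {"cve": "CVE-2025-52691", "actor": "Storm-1175",    "country": "China"},
    {"cve": "CVE-2025-52691", "actor": "Static Kitten", "country": "Iran"},
    {"cve": "CVE-2025-52691", "actor": None,            "country": "China"},  # country-level only
    {"cve": "CVE-2025-52691", "actor": None,            "country": "China"},  # same country, same instance
    {"cve": "CVE-2025-52691", "actor": None,            "country": None},     # unattributed
    {"cve": "CVE-2025-52691", "actor": None,            "country": None},     # unattributed, still one instance
    {"cve": "CVE-2026-1340",  "actor": None,            "country": "Iran"},
    {"cve": "CVE-2026-1340",  "actor": None,            "country": "China"},
    {"cve": "CVE-2026-1340",  "actor": None,            "country": None},
]


def actor_instances(records):
    """Map each CVE to the set of threat-actor instances it earns.

    Rules as the blog states them:
      * a named group is its own instance (one per distinct group name);
      * general country-level attribution is one instance per country per CVE;
      * all unattributed activity collapses to a single instance per CVE.
    A named group's home country is NOT also counted as a country-level
    instance; only reports that name no group contribute to that bucket.
    """
    instances = defaultdict(set)
    for rec in records:
        if rec["actor"]:
            instances[rec["cve"]].add(("group", rec["actor"]))
        elif rec["country"]:
            instances[rec["cve"]].add(("country", rec["country"]))
        else:
            instances[rec["cve"]].add(("unattributed", None))
    return dict(instances)


def threat_actor_counts(records):
    """Return {cve: number of threat-actor instances}, i.e. the figure that
    would feed a 'Threat Actors' column."""
    return {cve: len(keys) for cve, keys in actor_instances(records).items()}


def describe(records):
    """Human-readable breakdown per CVE, sorted so output is stable."""
    out = {}
    for cve, keys in actor_instances(records).items():
        ordered = sorted(keys, key=lambda k: (k[0], k[1] or ""))
        out[cve] = [name if kind == "group"
                    else f"{name} attribution" if kind == "country"
                    else "unattributed"
                    for kind, name in ordered]
    return out


if __name__ == "__main__":
    breakdown = describe(SAMPLE_ATTRIBUTIONS)
    for cve, n in threat_actor_counts(SAMPLE_ATTRIBUTIONS).items():
        print(f"{cve}: {n} threat actor instance(s) -> {breakdown[cve]}")
```

Two unattributed reports and two "China" country-level reports against CVE-2025-52691 contribute one instance each, so the CVE ends at four; swapping the rule (counting every report) would inflate the same data to six.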

    This list is almost certain to change as the year goes on. Some vulnerabilities that don’t already have copious threat actor or ransomware citations will undoubtedly drop off our Routinely Targeted list by the end of the year, while others will gather new attributions and rise. For comparison, the full list of 2025 Routinely Targeted Vulnerabilities can be found here.

    | CVE | Vuln | Exploits | Threat Actors | Ransomware | Notes |
    |---|---|---|---|---|---|
    | CVE-2026-21509 | Microsoft Office security feature bypass | 2 | 6 | No | Fancy Bear (RU), Razor Tiger (IN), North Korea attribution |
    | CVE-2025-52691 | SmarterTools SmarterMail unrestricted file upload | 12 | 4 | Yes | Storm-1175 (China), Static Kitten (Iran); ongoing exploitation observed by VulnCheck Canaries |
    | CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) command injection | 5 | 4 | No | Static Kitten (Iran), China attribution |
    | CVE-2026-1731 | BeyondTrust RS and PRA command injection | 7 | 4 | Yes | Storm-1175 (China), Static Kitten (Iran) |
    | CVE-2026-22769 | Dell RecoverPoint for VMs hard-coded credentials | 0 | 4 | No | UNC6201 (China), SectorB (China), UAT-8616 |
    | CVE-2025-15556 | Notepad++ supply chain incident | 1 | 4 | No | Supply chain incident; Lotus Blossom (China) attribution |
    | CVE-2026-20700 | Apple (multiple products) buffer overflow | 0 | 3 | No | UNC6353 (suspected RU), UNC6748 |
    | CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) code injection | 5 | 3 | No | Iran, China attribution |
    | CVE-2026-20127 | Cisco Catalyst SD-WAN Manager authentication bypass | 6 | 3 | No | UAT-8616, Iran attribution |
    | CVE-2026-21513 | Microsoft Windows MSHTML security feature bypass | 2 | 3 | No | Fancy Bear (RU), SectorC (suspected RU) |
    | CVE-2026-23760 | SmarterTools SmarterMail authentication bypass | 5 | 3 | Yes | Warlock ransomware, Storm-1175 (China), Storm-2603 (China) |
    | CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) deserialization | 1 | 2 | Yes | Iran attribution, Interlock ransomware |
    | CVE-2026-33634 | Aquasecurity Trivy embedded malicious code | 3 | 2 | No | Supply chain incident; TeamPCP attribution |
    | CVE-2026-21858 | n8n “Ni8mare” unauthenticated information disclosure | 12 | 1 | No | Zerobot; not on CISA KEV |
    | CVE-2026-24061 | GNU Inetutils telnetd authentication bypass | 49 | 1 | Yes | Qilin ransomware, many public exploits |
    | CVE-2026-24423 | SmarterTools SmarterMail RCE | 5 | 1 | Yes | Qilin ransomware |
    | CVE-2026-31431 | Linux Kernel “Copy Fail” privilege escalation | 132 | 1 | No | Most researched CVE of 2026 so far |
    | CVE-2026-39987 | marimo pre-auth RCE via terminal WebSocket | 9 | 1 | No | Broad exploitation and botnet weaponization observed by Sysdig |
    | CVE-2026-41940 | cPanel & WHM authentication bypass | 26 | 1 | Yes | Sorry ransomware, Mirai botnet exploitation |
    | CVE-2026-20128 | Cisco Catalyst SD-WAN Manager DCA User Takeover | 1 | 1* | No | Cisco Talos has observed at least 10 different threat clusters exploiting this vulnerability as part of the “XenShell” exploit |
    | CVE-2026-20133 | Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability | 1 | 1* | No | Cisco Talos has observed at least 10 different threat clusters exploiting this vulnerability as part of the “XenShell” exploit |
    | CVE-2026-20122 | Cisco Catalyst SD-WAN Manager UploadAck File Overwrite | 1 | 1* | No | Cisco Talos has observed at least 10 different threat clusters exploiting this vulnerability as part of the “XenShell” exploit |
    | CVE-2026-29014 | MetInfo CMS unauthenticated PHP code injection | 1 | 1* | No | VulnCheck Canaries detecting consistent exploitation; not on CISA KEV |
    | CVE-2026-23744 | MCPJam inspector missing authentication | 19 | 1 | No | Highly researched (public exploits); not on CISA KEV |
    | CVE-2026-33017 | Langflow unauthenticated code injection | 13 | 1 | No | Internet-facing hosts have ballooned since disclosure, suggesting honeypot deployment |

    \* See “A Note on Cisco SD-WAN CVEs” below for how threat actors are counted for these vulnerabilities.

    Much like VulnCheck’s 2025 Routinely Targeted list, the vulnerabilities above aren’t meant to be taken as a one-dimensional hierarchy of CVEs expressed as a top-to-bottom list. VulnCheck analyzes several different types of exploit data, each of which can change a vulnerability’s ranking meaningfully when prioritized or filtered out.
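To make the point concrete, here is an added Python example (not VulnCheck's code) that reduces a subset of the table rows to a few fields and shows how the ordering changes when you rank by public exploit count, rank by threat-actor breadth, filter to ransomware use, restrict to CISA KEV, or restrict to products actually in your inventory. The figures are copied from the table as printed; the `Row` type, the function names, the `on_cisa_kev` flag (derived from the table's "not on CISA KEV" notes) and the sample inventory are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    cve: str
    product: str
    exploits: int        # public exploit count, as listed in the table
    threat_actors: int   # threat-actor instances, as listed in the table
    ransomware: bool
    on_cisa_kev: bool = True  # the table's notes flag a few entries as "not on CISA KEV"


# A subset of the table's rows; figures are those printed in the table at the
# time of the blog (the "*" qualifier on the SD-WAN rows is not modelled here).
ROWS = [
    Row("CVE-2026-21509", "Microsoft Office", 2, 6, False),
    Row("CVE-2025-52691", "SmarterTools SmarterMail", 12, 4, True),
    Row("CVE-2026-1731", "BeyondTrust RS/PRA", 7, 4, True),
    Row("CVE-2026-22769", "Dell RecoverPoint for VMs", 0, 4, False),
    Row("CVE-2026-21858", "n8n", 12, 1, False, on_cisa_kev=False),
    Row("CVE-2026-24061", "GNU Inetutils telnetd", 49, 1, True),
    Row("CVE-2026-31431", "Linux kernel", 132, 1, False),
    Row("CVE-2026-41940", "cPanel & WHM", 26, 1, True),
    Row("CVE-2026-23744", "MCPJam Inspector", 19, 1, False, on_cisa_kev=False),
]


def top_by(rows, attr, n=3):
    """CVEs ordered by one column, highest first; ties keep table order
    (Python's sort is stable even with reverse=True)."""
    return [r.cve for r in sorted(rows, key=lambda r: getattr(r, attr), reverse=True)][:n]


def ransomware_only(rows):
    """Keep only rows with observed ransomware use."""
    return [r for r in rows if r.ransomware]


def dropped_by_cisa_kev_filter(rows):
    """What a 'patch CISA KEV only' policy would leave out of this list."""
    return [r.cve for r in rows if not r.on_cisa_kev]


def prioritize_for_inventory(rows, inventory):
    """Defender's view: only products actually deployed, ordered by ransomware
    use first, then threat-actor breadth, then exploit availability."""
    present = [r for r in rows if r.product in inventory]
    return [r.cve for r in sorted(
        present, key=lambda r: (r.ransomware, r.threat_actors, r.exploits), reverse=True)]


if __name__ == "__main__":
    print("top by exploits:        ", top_by(ROWS, "exploits"))
    print("top by threat actors:   ", top_by(ROWS, "threat_actors"))
    print("ransomware, by exploits:", top_by(ransomware_only(ROWS), "exploits"))
    print("missed by CISA-KEV-only:", dropped_by_cisa_kev_filter(ROWS))
    inventory = {"SmarterTools SmarterMail", "Linux kernel", "n8n"}  # constructed
    print("for this inventory:     ", prioritize_for_inventory(ROWS, inventory))
```

Ranking by exploit count puts the Linux kernel flaw first; ranking by threat-actor breadth puts the Microsoft Office bypass first, with the kernel flaw nowhere near the top; restricting to ransomware use surfaces the telnetd and cPanel bypasses; and a CISA-KEV-only policy silently drops n8n and MCPJam despite their exploit counts. The inventory-aware ordering is the one a defender actually patches from.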

    It’s still early in the year, but a handful of front-runners have already emerged. CVE-2026-21509, a security feature bypass in Microsoft Office that was weaponized in zero-day document-based attacks in January 2026, was exploited by Fancy Bear (APT28) in a well-publicized series of incidents targeting Central and Eastern Europe (including Ukraine). A trio of vulnerabilities in SmarterTools SmarterMail (CVE-2025-52691, CVE-2026-23760, and CVE-2026-24423) disclosed between late December 2025 and late January 2026 have seen exploitation by Iranian and (multiple) Chinese-backed threat actors, as well as the Qilin and Warlock ransomware families; VulnCheck’s Canary Intelligence network has continued to detect ongoing exploitation of all three flaws, with new detections still coming in at time of writing. And CVE-2026-41940, a zero-day auth bypass in cPanel and WHM disclosed publicly in late April 2026, has accumulated exploitation by the Sorry ransomware family and the Mirai botnet, in addition to racking up more than two dozen public exploits.

    To absolutely nobody’s surprise, enterprise network edge gear has also been hit hard so far this year, with Ivanti Endpoint Manager Mobile (EPMM), BeyondTrust Remote Support (RS), Cisco Secure Firewall Management Center (FMC), and Cisco SD-WAN all seeing notable threat activity. Ivanti CVE-2026-1281 (command injection) and CVE-2026-1340 (code injection) were used in Chinese and Iran-linked reconnaissance and exploitation campaigns; BeyondTrust CVE-2026-1731 (command injection) was exploited by Iranian-backed MuddyWater and Chinese threat actor Storm-1175; Cisco Secure Firewall Management Center CVE-2026-20131 was exploited by the Interlock ransomware group more than a month prior to public disclosure.

    Citrix NetScaler, Palo Alto Networks PAN-OS, and Fortinet FortiOS have all had their own well-covered zero-day disclosures over the first few months of this year, though none of them have enough publicly reported threat activity to qualify for “Routinely Targeted” status:

    • Citrix NetScaler CVE-2026-3055: Requires an uncommon configuration and a noisy attack, and even then, the attacker doesn’t control which types of data are returned
    • Palo Alto Networks PAN-OS CVE-2026-0300: An unspecified buffer overflow vulnerability in PAN-OS’s Captive Portal that lets a remote attacker execute arbitrary code as root and was exploited pre-disclosure by “likely state-sponsored” adversaries
    • Fortinet FortiClient EMS CVE-2026-35616 and FortiCloud CVE-2026-24858 were both exploited as zero-days by unattributed threat actors

    In February 2026, the Cisco Talos team published a blog on UAT-8616 exploitation of two vulnerabilities in Catalyst SD-WAN: An older flaw, CVE-2022-20775, and a new initial access zero-day, CVE-2026-20127. The same day, Cisco published an aggregate advisory for five additional vulnerabilities in Catalyst SD-WAN that the VulnCheck team analyzed and wrote about here. None of these five CVEs was exploited at time of disclosure; as of May 18, all but one have been used in the wild.

    Part of VulnCheck’s SD-WAN analysis back in early March was that a public PoC ostensibly targeting CVE-2026-20127 — i.e., the SD-WAN initial access zero-day that drew most of the attention — actually wasn’t hitting that CVE at all, but rather three other vulnerabilities from Cisco’s aggregate disclosure: CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133. On May 14, Cisco Talos published a new blog on ongoing exploitation of SD-WAN vulnerabilities noting that the same public PoC (“XenShell”) was driving widespread exploitation to deploy webshells. Because Cisco Talos’s May 14 blog contains details on 10 different threat clusters exploiting SD-WAN vulnerabilities, we have classified CVE-2026-20127 and the three “XenShell” CVEs as routinely targeted.

    While there’s usually some overlap between CVEs that security researchers develop exploits for and the CVEs that get exploited in the wild, researchers tend to prioritize exploit development for vulnerabilities in open-source or free software they can access easily, whereas adversaries are more opportunistic (translation: not constrained by terms of use or things like “legality”). 2026 so far has followed this same pattern — the CVEs with the highest number of public exploits are primarily in open or otherwise accessible code bases.

    The most researched vulnerability of 2026 so far is CVE-2026-31431, aka “Copy Fail,” a Linux kernel privilege escalation flaw that was discovered with AI assistance and disclosed with some of the most spectacularly FUD-driven marketing we’ve witnessed to date. Nevertheless, the vulnerability is legitimate, though the community should note that the original PoC released with the vuln was destructive and would overwrite the su binary. Copy Fail has spawned 130+ working PoCs and counting, almost all of which are derivative rather than novel implementations. Other highly researched 2026 vulnerabilities so far include:

    • CVE-2026-24061: A critical auth bypass via argument injection in GNU Inetutils telnetd with nearly 50 known exploits; the vuln has also been operationalized by the Qilin ransomware family
    • CVE-2026-41940: Broadly exploited cPanel and WHM authentication bypass with 25+ public exploits
    • CVE-2026-23744: A missing auth vulnerability in MCPJam Inspector, a popular MCP development and testing platform, with 19 public exploits and a variety of VulnCheck Canary detections
    • CVE-2026-33017: A critical code injection RCE bug in popular agentic platform Langflow with a dozen-ish exploits, whose exploitation Sysdig’s threat research group catalogued in depth in March
    • CVE-2026-21858 (aka “Ni8mare”): An infoleak vulnerability in workflow automation platform n8n that VulnCheck Canaries have seen expansive scanning and exploit attempts for; it’s also seen Zerobot exploitation

    Several other vulnerabilities with 10+ public exploits were omitted from this list because they haven’t yet seen real-world exploitation, including CVE-2025-2304 (Camaleon CMS), CVE-2026-29000 (pac4j-jwt JwtAuthenticator), and CVE-2026-20841 (Windows Notepad).

    Our 2026 Routinely Targeted Vulnerabilities list also includes two CVEs used to mark significant supply chain incidents in a chaotic year for supply chain security: CVE-2025-15556 tracked a Notepad++ infrastructure compromise that “allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.” The incident occurred across more than half of 2025 before the maintainers discovered and disclosed it in February 2026. In their analysis of a custom backdoor, security firm Rapid7 attributed the incident to Chinese state-sponsored threat actor Lotus Blossom, which commonly targets organizations in Southeast Asia. Also included in our 2026 data is CVE-2026-33634, which tracked a far-reaching supply chain compromise that started upstream with popular vulnerability scanner Trivy and spread to LiteLLM and Checkmarx KICS — LiteLLM alone had 3.4 million daily downloads. The attack was attributed to TeamPCP, a financially motivated threat group that has claimed a spate of supply chain attacks this year.

    There’s much debate in the CVE community over whether CVEs are the right mechanism to track and report on supply chain compromises. For better or worse, CVEs are commonly used to denote backdoored or otherwise compromised software versions, but they’re not used consistently. March 2026’s axios npm supply chain incident, for instance, put tens of millions of users at risk after the hugely popular package was poisoned with a cross-platform RAT in an attack Google Threat Intel and Elastic attributed to North Korea. The only CVE assigned was CVE-2026-34381, which a downstream package (@usebruno/cli) apparently used to track impact from the axios compromise. On May 11, the maintainers of TanStack, another popular package, disclosed another TeamPCP-attributed supply chain attack that compromised 40+ packages via the self-spreading “mini Shai-Hulud” worm.

    VulnCheck’s industry-leading Known Exploited Vulnerabilities (KEV) list has added 394 new CVEs with in-the-wild exploitation evidence so far this year — a 59% increase in new KEVs when compared with the same period last year. VulnCheck’s research team has also observed a noticeably higher volume of prior-year CVEs (i.e., “CVE-2025” vulnerabilities) racking up first-time exploitation evidence year over year — meaning both the number of exploited “CVE-2026” flaws and net-new reports of prior year (“CVE-2025”) exploitation have increased significantly this year.

    But it also bears noting that overall CVE volume is also up in 2026, and major CNAs are starting to show significant shifts (upticks) in CVE disclosures, as our research team wrote about just last week. Thus far, the higher volume of new KEVs appears to be roughly proportional to overall CVE volume growth, which is to say that AI is contributing to an acceleration of known patterns in vulnerability disclosure and exploitation.

    VulnCheck’s research team tracks real-world exploitation, attacker infrastructure, and exploit patterns across our Canary Intelligence, Exploit & Vulnerability Intelligence (EVI), and IP Intelligence datasets. By delivering machine-consumable, evidence-driven intelligence on new vulnerabilities and how real attackers can use them in the wild, VulnCheck helps organizations prepare earlier, respond decisively, and verify exploitation without relying on inaccurate scores or delayed consensus.

    For more analysis of vulnerability and exploit trends, see the 2026 VulnCheck Exploit Intelligence Report, or check out our blogs 2026 State of Exploitation: Exploiting The Network Edge and The First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure Volumes.

    Sign up for the VulnCheck community today to get free access to our VulnCheck KEV, enjoy our comprehensive vulnerability data, and request a trial of our Initial Access Intelligence, IP Intelligence, Canary Intelligence, and Exploit & Vulnerability Intelligence products.
