In November 2024, during Operation Lunar Peek, attackers gained unauthenticated remote admin access, and ultimately root, on more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks rated CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0, while the NVD scored the same flaws 9.8 and 7.2 under CVSS v3.1. The two scoring systems thus produced different readings of the same vulnerabilities. The 6.9 for CVE-2024-9474 fell below the patch threshold because the flaw appeared to require admin access, and the 9.3 for CVE-2024-0012 was deferred to a maintenance window on the assumption that network segmentation would hold.
“Adversaries bypass [severity ratings] by linking vulnerabilities together,” explained Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, in an exclusive interview with VentureBeat on April 22, 2026. Reflecting on the oversight in triage logic, he noted: “They just had amnesia from 30 seconds before.”
Both vulnerabilities are listed in the CISA Known Exploited Vulnerabilities catalog. Neither score highlighted the chain of vulnerabilities. The triage logic processed each CVE separately, and so did the SLA dashboards and the board reports they generated.
CVSS performed as intended, scoring one vulnerability at a time. However, attackers do not target vulnerabilities in isolation.
“CVSS base scores are theoretical measures of severity that ignore real-world context,” wrote Peter Chronis, former CISO of Paramount and a security leader with Fortune 100 experience. By moving beyond CVSS-first prioritization at Paramount, Chronis reported a 90% reduction in actionable critical and high-risk vulnerabilities. Chris Gibson, executive director of FIRST, the organization responsible for CVSS, has been equally candid: using CVSS base scores alone for prioritization is “the least apt and accurate” method, he told The Register. FIRST’s EPSS and CISA’s SSVC decision model address this gap by incorporating exploitation probability and decision-tree logic.
Five triage failure classes CVSS was never designed to catch
In 2025, 48,185 CVEs were disclosed, marking a 20.6% increase from the previous year. Jerry Gamblin, principal engineer at Cisco Threat Detection and Response, forecasts 70,135 for 2026. The infrastructure supporting these scores is struggling under this load. On April 15, NIST announced that CVE submissions have surged 263% since 2020, and the NVD will now prioritize enrichment for KEV and federal critical software only.
1. Chained CVEs that look safe until they aren’t
The Palo Alto vulnerabilities from Operation Lunar Peek serve as a classic example. CVE-2024-0012 bypassed authentication, while CVE-2024-9474 enabled privilege escalation. Evaluated separately under both CVSS v4.0 and v3.1, the escalation flaw often fell below enterprise patch thresholds because it appeared to require admin access. The upstream authentication bypass, however, removed that requirement. Neither score communicated the combined effect.
Meyers described the operational mindset: teams evaluated each CVE separately, deprioritized the lower score, and scheduled the higher one for maintenance.
2. Nation-state adversaries who weaponize patches within days
The CrowdStrike 2026 Global Threat Report recorded a 42% rise in vulnerabilities exploited as zero-days before public disclosure. Average breakout time across observed intrusions was 29 minutes, with the fastest at 27 seconds. China-nexus adversaries weaponized newly patched vulnerabilities within two to six days of disclosure.
“Before it was Patch Tuesday once a month. Now it’s patch every day, all the time. That’s what this new world looks like,” said Daniel Bernard, Chief Business Officer at CrowdStrike. A KEV addition treated as routine on Tuesday could become an active exploitation window by Thursday.
3. Stockpiled CVEs that nation-state actors hold for years
Salt Typhoon accessed senior U.S. political figures’ communications during the presidential transition by linking CVE-2023-20198 with CVE-2023-20273 on internet-facing Cisco devices, a privilege escalation pair patched in October 2023 and still unapplied over a year later. Compromised credentials provided another entry point. The patches were available but not applied.
According to the CrowdStrike 2026 Global Threat Report, 67% of vulnerabilities exploited by China-nexus adversaries in 2025 were remote code execution flaws allowing immediate system access. A CVSS base score does not change with how long a CVE remains unpatched. No board metric tracks aging KEV exposure.
That silence is the vulnerability.
4. Identity gaps that never enter the scoring system
A 2023 help desk social engineering call against a major enterprise resulted in losses exceeding $100 million. No CVE was assigned, no CVSS score existed, and no patch pipeline entry was created. The vulnerability was a human process gap in identity verification, entirely outside the scoring system’s framework.
“A pro needs a zero day if all you have to do is call the help desk and say I forgot my password,” noted Meyers.
Agentic AI systems now operate with their own identity credentials, API tokens, and permission scopes, outside traditional vulnerability management governance. Merritt Baer, CSO at Enkrypt AI, has indicated that identity-surface controls should be treated as vulnerability equivalents within the same reporting pipeline as software CVEs. In most organizations, help desk authentication gaps and agentic AI credential inventories exist in a separate governance silo. In practice, this means no governance at all.
5. AI-accelerated discovery that breaks pipeline capacity
Anthropic’s Claude Mythos Preview showcased autonomous vulnerability discovery, identifying a 27-year-old signed integer overflow in OpenBSD’s TCP SACK implementation through roughly 1,000 scaffold runs at a total compute cost under $20,000. Meyers speculated in the VentureBeat interview that if frontier AI increases volume tenfold, around 480,000 CVEs could be generated annually. Systems built for 48,000 fail at 70,000 and collapse at 480,000. NVD enrichment is already unavailable for non-KEV submissions.
“If the adversary is now able to find vulnerabilities faster than the defenders or the business, that’s a huge problem, because those vulnerabilities become exploits,” stated Daniel Bernard, Chief Business Officer at CrowdStrike.
On Thursday, CrowdStrike introduced Project QuiltWorks, a remediation initiative with Accenture, EY, IBM Cybersecurity Services, Kroll, and OpenAI to tackle the vulnerability volume that frontier AI models are producing in production code. When five major firms form a coalition around a pipeline problem, it indicates that no single organization’s patch workflow can keep pace.
Security director action plan
The five failure classes mentioned above link to five specific actions.
Conduct a chain-dependency audit on every KEV CVE in the environment this month. Highlight any co-resident CVE scored 5.0 or above, the point where privilege escalation and lateral movement capabilities usually appear in CVSS vectors. Any pair linking authentication bypass to privilege escalation should be prioritized as critical, regardless of individual scores.
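The chained-CVE failure class above and this audit step can be turned into a repeatable check. The following is an added example, not code from the article, CrowdStrike, or Palo Alto Networks: it parses CVSS v3.1 vector strings for every CVE on a host and flags any pair in which an unauthenticated, network-reachable flaw removes the privilege requirement that keeps a co-resident flaw's score down. The inventory, host names and CVE-XXXX-* identifiers are constructed; the vectors shown for the two PAN-OS CVEs are illustrative choices that reproduce the NVD v3.1 scores the article cites (9.8 and 7.2) and should be verified against NVD before use. The "privilege-gated" heuristic is an assumption made for this example, not a CVSS definition.

```python
"""Chain-dependency audit over co-resident CVEs (added example, not the
article's or any vendor's code).  It parses CVSS v3.1 vector strings and flags
a host where an unauthenticated, network-reachable flaw sits next to a flaw
that only looks safe because it requires existing privileges.
"""
from itertools import permutations

# Constructed inventory: host -> {CVE: (vector, base score)}.  The vectors for
# the two PAN-OS CVEs are illustrative choices that reproduce the NVD v3.1
# scores the article cites (9.8 and 7.2); verify them against NVD before use.
# The CVE-XXXX-* identifiers are placeholders.
INVENTORY = {
    "fw-edge-01": {
        "CVE-2024-0012": ("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 9.8),
        "CVE-2024-9474": ("CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", 7.2),
    },
    "vpn-gw-02": {
        "CVE-XXXX-0002": ("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", 5.3),
        "CVE-XXXX-0003": ("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", 4.3),
    },
    "app-internal-07": {
        "CVE-XXXX-0004": ("CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 7.8),
    },
}

REQUIRED_METRICS = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


def parse_vector(vector: str) -> dict:
    """Split a CVSS v3.x vector string into {metric: value}, rejecting
    malformed or non-v3 strings instead of silently scoring them."""
    prefix, _, body = vector.partition("/")
    if not prefix.startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = {}
    for part in body.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[key] = value
    missing = [m for m in REQUIRED_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"vector {vector!r} lacks {missing}")
    return metrics


def is_unauthenticated_entry(m: dict) -> bool:
    """Reachable over the network with no prior privileges: the kind of flaw
    that removes the precondition another CVE's score relies on."""
    return m["AV"] == "N" and m["PR"] == "N"


def is_privilege_gated(m: dict) -> bool:
    """Requires existing privileges (which is what keeps the score down) but
    yields full compromise or a scope change once those privileges exist.
    Heuristic assumed for this example, not a CVSS definition."""
    full_impact = all(m[k] == "H" for k in ("C", "I", "A"))
    return m["PR"] in ("L", "H") and (full_impact or m["S"] == "C")


def find_chains(inventory: dict = INVENTORY, floor: float = 5.0) -> list:
    """Return every (entry, escalation) pair found on the same host.  `floor`
    is the article's 5.0 audit threshold for the co-resident CVE; the pair
    itself is rated critical regardless of either individual score."""
    findings = []
    for host, cves in inventory.items():
        parsed = {cve: (parse_vector(vec), score) for cve, (vec, score) in cves.items()}
        for (entry, (m_entry, s_entry)), (esc, (m_esc, s_esc)) in permutations(parsed.items(), 2):
            if s_esc < floor:
                continue
            if is_unauthenticated_entry(m_entry) and is_privilege_gated(m_esc):
                findings.append({
                    "host": host,
                    "entry": entry, "entry_score": s_entry,
                    "escalation": esc, "escalation_score": s_esc,
                    "priority": "critical",
                })
    return findings


if __name__ == "__main__":
    for f in find_chains():
        print(f"{f['host']}: {f['entry']} ({f['entry_score']}) -> "
              f"{f['escalation']} ({f['escalation_score']}) => {f['priority']}")
```

Run against the constructed inventory, only fw-edge-01 is flagged: the 7.2 escalation flaw on its own sits below a 9.0 critical threshold, but paired with the unauthenticated entry on the same host it is reported as critical. The vpn-gw-02 pair is not flagged because the privileged flaw neither yields high impact nor changes scope and falls below the 5.0 floor.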
Reduce KEV-to-patch SLAs to 72 hours for internet-facing systems. The CrowdStrike 2026 Global Threat Report breakout data, with a 29-minute average and 27-second fastest, makes weekly patch windows indefensible in a board presentation.
Create a monthly KEV aging report for the board. Include every unpatched KEV CVE, days since disclosure, days since patch availability, and responsible party. Salt Typhoon exploited a Cisco CVE patched 14 months earlier because no escalation path existed for aging exposure.
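The 72-hour SLA and the aging report above can be produced from one inventory. The following is an added example, not the article's or any vendor's code: it computes days since disclosure and days since patch availability for each unpatched KEV entry, starts the SLA clock at the later of KEV addition and fix availability, applies the article's 72-hour clock to internet-facing systems, and sorts the rows oldest first. The exposures, dates, asset names and owners are constructed; the 30-day clock for internal systems and the fixed reporting date are assumptions made for this example.

```python
"""KEV aging and SLA report (added example, not the article's code)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class KevExposure:
    cve: str
    asset: str
    owner: str
    internet_facing: bool
    disclosed: date                  # public disclosure / KEV addition date
    patch_available: Optional[date]  # None while the vendor has no fix


# Remediation clocks.  72 hours for internet-facing systems follows the
# article; the 30-day internal default is an assumption for this example.
SLA_INTERNET_FACING = timedelta(hours=72)
SLA_INTERNAL = timedelta(days=30)

TODAY = date(2026, 4, 24)  # fixed reporting date so the output is reproducible

# Constructed exposures.  Dates, assets and owners are illustrative; take the
# real values from the KEV catalog, vendor advisories and the CMDB.
EXPOSURES = [
    KevExposure("CVE-2023-20198", "edge-router-03", "Network Ops", True,
                date(2023, 10, 16), date(2023, 10, 22)),
    KevExposure("CVE-XXXX-0100", "erp-app-02", "Business Apps", False,
                date(2026, 4, 10), date(2026, 4, 12)),
    KevExposure("CVE-XXXX-0101", "vpn-gw-01", "Network Ops", True,
                date(2026, 4, 20), date(2026, 4, 20)),
    KevExposure("CVE-XXXX-0102", "mail-relay-01", "Messaging", True,
                date(2026, 4, 15), None),
]


def sla_for(exposure: KevExposure) -> timedelta:
    return SLA_INTERNET_FACING if exposure.internet_facing else SLA_INTERNAL


def age_row(exposure: KevExposure, today: date = TODAY) -> dict:
    """Aging fields for one exposure.  The SLA clock starts at the later of
    KEV addition and fix availability: nothing can be patched before a fix
    ships, and an entry with no fix is reported separately, not as overdue."""
    since_disclosure = (today - exposure.disclosed).days
    if exposure.patch_available is None:
        since_patch = None
        status, days_overdue = "no vendor fix", 0
    else:
        since_patch = (today - exposure.patch_available).days
        clock_start = max(exposure.disclosed, exposure.patch_available)
        deadline = clock_start + sla_for(exposure)
        days_overdue = max(0, (today - deadline).days)
        status = "overdue" if days_overdue > 0 else "within SLA"
    return {
        "cve": exposure.cve,
        "asset": exposure.asset,
        "owner": exposure.owner,
        "internet_facing": exposure.internet_facing,
        "days_since_disclosure": since_disclosure,
        "days_since_patch": since_patch,
        "status": status,
        "days_overdue": days_overdue,
    }


def age_report(exposures=EXPOSURES, today: date = TODAY) -> list:
    """Board-ready rows, oldest exposure first."""
    rows = [age_row(e, today) for e in exposures]
    return sorted(rows, key=lambda r: r["days_since_disclosure"], reverse=True)


def overdue(rows: list) -> list:
    return [r for r in rows if r["status"] == "overdue"]


def render(rows: list) -> str:
    header = f"{'CVE':<16}{'Asset':<16}{'Owner':<15}{'Disc':>5}{'Patch':>6}  Status"
    lines = [header]
    for r in rows:
        patch = "-" if r["days_since_patch"] is None else str(r["days_since_patch"])
        extra = f" (+{r['days_overdue']}d)" if r["days_overdue"] else ""
        lines.append(f"{r['cve']:<16}{r['asset']:<16}{r['owner']:<15}"
                     f"{r['days_since_disclosure']:>5}{patch:>6}  {r['status']}{extra}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(age_report()))
```

The two edge cases worth noticing in the output are the entry with no vendor fix, which is kept visible but not counted as overdue (it needs a mitigation owner rather than a patch date), and the internet-facing entry whose fix shipped four days ago: under a weekly window it would look fine, under the 72-hour clock it is already a day overdue.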
Integrate identity-surface controls into the vulnerability reporting pipeline. Help desk authentication gaps and agentic AI credential inventories should be included in the same SLA framework as software CVEs. If they remain in a separate governance silo, they end up in nobody’s governance.
Stress-test pipeline capacity at 1.5x and 10x current CVE volume. Gamblin projects 70,135 for 2026. Meyers’s thought-experiment projection suggests frontier AI could push annual volume past 480,000. Present the capacity gap to the CFO before the next budget cycle, not after a breach exposes the gap.