// kev context
CVE / KEV context: live counters and this week's additions
Cross-checks the CISA Known Exploited Vulnerabilities catalog, NIST NVD CVE totals, and FIRST EPSS scores. The week's KEV additions and which scanners detect them.
author: Oliver Wakefield-Smith · verified 2026-06-26
// direct-answer
How many CVEs are in the CISA KEV catalog in 2026?
As of 2026-06-26: 28,720 CVEs published year-to-date in NIST NVD; 1,289 entries in the CISA KEV catalog; 7 new KEV additions in the past 7 days. The top exploited entry this week is CVE-2026-2331. Cross-referenced against FIRST EPSS scores for prioritisation.
cves_ytd
28,720
Sourced from NVD CVE feed.
kev_total
1,289
CISA KEV catalog total.
added_7d
+7
New KEV entries in the last 7 days.
Why scanners should detect KEV first
KEV is the floor, not the ceiling. If your scanner does not detect CVEs currently in the KEV catalog, you are not in the conversation. Tenable, Qualys, Rapid7, Wiz, and Orca all ship same-day plugin / signature coverage for KEV additions. OpenVAS lags by hours to a few days on newer additions.
// faq
FAQ
- What is the KEV catalog?CISA's Known Exploited Vulnerabilities catalog is a curated list of CVEs known to be exploited in the wild. Federal agencies are required to remediate KEV entries within tight deadlines.
- What is EPSS?Exploit Prediction Scoring System (EPSS) by FIRST scores the probability a CVE will be exploited in the next 30 days. Use it to triage above and beyond KEV's binary in/out signal.
- Should I scan for non-KEV CVEs?Yes. KEV is the floor. EPSS-high CVEs without KEV entries are tomorrow's KEV entries.
- Which scanners get KEV coverage fastest?Commercial scanners (Tenable, Qualys, Rapid7) ship plugin / signature coverage same-day to next-day. OpenVAS lags by hours to a few days.
- How often does the KEV catalog update?Multiple additions per week. CISA does not publish on a fixed cadence.