Human-readable HTML: HTML LLM-friendly Markdown: Markdown
Dateline: 2026-03-04 21:16 UTC
The U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is showing a sharper deadline pattern in early 2026 than in comparable periods in recent years.
Using CISA’s public KEV CSV and comparing year-matched windows through March 4, 2026, 8 of 47 new 2026 entries (17.0%) had due dates three days or less after listing. Comparable windows show 0 of 50 in 2025, 1 of 31 in 2024, 0 of 19 in 2023, and 0 of 167 in 2022.
The short-deadline entries cluster in late January and February and include products from multiple major enterprise vendors, with repeat appearances from Cisco and SolarWinds. That concentration suggests the change is not a random one-day outlier, though it is still too early to call it a stable regime.
The pattern does not map cleanly to ransomware-tagged entries alone. In this snapshot, only one of the eight short-window entries is labeled as known ransomware campaign use, indicating broader exploited-vulnerability urgency and policy prioritization dynamics may be at work.
For defenders and federal operators, the immediate implication is operational: KEV monitoring should assume that some exploited vulnerabilities may now arrive with very short mandated remediation windows, increasing patching pressure and change-management risk.
dueDate - dateAdded in days.<=3 days and reviewed vendor/date clustering.Medium. The short-deadline cluster is clear and reproducible in the feed, but mechanism attribution remains provisional.