CVSS rated these two Palo Alto CVEs as manageable. Chained, they gave the attackers root access to 13,000 devices.



During Operation Lunar Peek in November 2024, the attackers gained unauthenticated remote administrator (and eventually root) access on more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks scored CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0. NVD scored the same pair 9.8 and 7.2 under CVSS v3.1. Two scoring systems. Two different numbers for the same vulnerabilities. The 6.9 fell below patch thresholds: administrator access appeared to be required. The 9.3 sat in the queue for the next maintenance window. Segmentation would hold.

"Adversaries bypass [severity ratings] by chaining vulnerabilities," Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told VentureBeat in an exclusive interview on April 22, 2026. Of the prioritization logic that missed the chain: "They just had amnesia from 30 seconds earlier."

Both CVEs sit in the CISA Known Exploited Vulnerabilities (KEV) catalog. Neither score flagged the kill chain. The prioritization logic that consumed those scores treated each CVE as an isolated event, and so did the SLA dashboards and the board reports those dashboards feed.

CVSS did exactly what it was designed to do. Rate one vulnerability at a time. The problem is that adversaries do not attack one vulnerability at a time.

"CVSS base scores are theoretical measures of severity that ignore real-world context," wrote Peter Chronis, former Paramount CISO and a veteran Fortune 100 security leader. By moving beyond CVSS-only prioritization at Paramount, Chronis reported reducing actionable critical and high-risk vulnerabilities by 90%. Chris Gibson, executive director of FIRST, the organization that maintains CVSS, has been similarly blunt: using only CVSS base scores for prioritization is "the least adequate and precise" method, Gibson told The Record. FIRST's own EPSS and CISA's SSVC decision model address part of this gap by adding exploit probability and decision-tree logic.

Five Classes of Classification Failures CVSS Was Never Designed to Detect

In 2025, 48,185 CVEs were disclosed, a year-on-year increase of 20.6%. Jerry Gamblin, principal engineer for Cisco Threat Detection and Response, projects 70,135 in 2026. The infrastructure behind the scores is buckling under that weight. NIST announced on April 15 that CVE filings have increased 263% since 2020, and that the NVD will now prioritize enrichment for KEV entries and federal critical software only.

1. Chained CVEs that seem safe until they aren’t

The Palo Alto pair from Operation Lunar Peek is the textbook case. CVE-2024-0012 is an authentication bypass. CVE-2024-9474 is a privilege escalation. Scored separately under CVSS v4.0 and v3.1, the escalation flaw filtered below most enterprise patching thresholds because administrator access appeared to be required. The upstream authentication bypass removed that prerequisite entirely. Neither score captured the compound effect.

Meyers described the operational psychology: teams evaluated each CVE independently, deprioritized the lower score, and queued the higher score for the next maintenance window.

2. Nation-state adversaries who turn patches into weapons in a matter of days

The CrowdStrike Global Threat Report 2026 documented a 42% year-over-year increase in vulnerabilities exploited as zero days before public disclosure. Average breakout time in observed intrusions: 29 minutes. Fastest breakout observed: 27 seconds. Newly patched vulnerabilities were weaponized by China-nexus adversaries within two to six days of disclosure.

"It used to be Patch Tuesday once a month. Now it’s a patch every day, all the time. This is what this new world looks like," said Daniel Bernard, chief commercial officer at CrowdStrike. A KEV addition treated as a routine queue item on Tuesday becomes an active exploitation window on Thursday.

3. Aging CVEs that state actors keep exploiting for years

Salt Typhoon accessed the communications of senior American political figures during the presidential transition by chaining CVE-2023-20198 with CVE-2023-20273 on Internet-facing Cisco devices, a pair of privilege escalation flaws patched in October 2023 and still unpatched in the field more than a year later. Compromised credentials provided a parallel entry vector. The patches existed. Neither had been applied.

Sixty-seven percent of the vulnerabilities exploited by China-nexus adversaries in 2025 were remote code execution flaws that granted immediate system access, according to the CrowdStrike Global Threat Report 2026. CVSS does not raise priority based on how long a CVE has gone unpatched. No dashboard metric tracks KEV aging exposure.

That silence is the vulnerability.

4. Identity gaps that never enter the scoring system

A social engineering call to a help desk in 2023 against a major company resulted in over $100 million in losses. No CVE was assigned. No CVSS score existed. No patch pipeline entry was created. The vulnerability was a gap in the human identity verification process, entirely outside the scoring system's field of view.

"A professional needs a zero day if all they have to do is call support and say: 'I forgot my password,'" Meyers said.

Agentic AI systems now carry their own identity credentials, API tokens, and permission scopes, and operate outside traditional vulnerability management governance. Merritt Baer, CSO at Enkrypt AI, has gone on record arguing that identity surface checks are vulnerability equivalents that belong in the same reporting channel as software CVEs. In most organizations, help desk authentication gaps and AI agent credential inventories live in a separate governance silo. In practice, no one governs them.

5. AI-accelerated discovery breaks pipeline capacity

Anthropic's Claude Mythos Preview demonstrated autonomous vulnerability discovery, finding a 27-year-old signed integer overflow in OpenBSD's TCP SACK implementation in approximately 1,000 scaffolding runs at a total compute cost under $20,000. Meyers offered a thought-experiment projection in the exclusive interview with VentureBeat: if frontier AI drives 10x volume growth, the result is roughly 480,000 CVEs per year. Pipelines built for 48,000 strain at 70,000 and collapse at 480,000. NVD enrichment no longer exists for non-KEV submissions.

"If the adversary is now able to find vulnerabilities faster than defenders or the company, that’s a big problem, because those vulnerabilities become exploits," said Daniel Bernard, chief commercial officer at CrowdStrike.

On Thursday CrowdStrike launched Project QuiltWorks, a remediation coalition with Accenture, EY, IBM Cybersecurity Services, Kroll and OpenAI, to address the volume of vulnerabilities that frontier AI models are now surfacing in production code. When five major firms form a coalition around a pipeline problem, the signal is that no single organization's patch workflow can keep up.

Action plan for the CISO

The five classes of failures above correspond to five specific actions.

Run a chain dependency audit on every KEV CVE in your environment this month. Flag any co-resident CVE scoring 5.0 or higher, the threshold where privilege escalation and lateral movement capabilities typically appear in CVSS vectors. Any pair that chains an authentication bypass into a privilege escalation should be classified as critical regardless of the individual scores.

Compress KEV patching SLAs to 72 hours for Internet-facing systems. The CrowdStrike Global Threat Report 2026 breakout data, a 29-minute average and a 27-second fastest case, makes weekly patch windows indefensible in a board presentation.

Create a monthly KEV aging report for the board: every unpatched KEV CVE, days since disclosure, days since patch availability, and the owner. Salt Typhoon exploited a Cisco CVE patched 14 months earlier because no escalation path existed for aging exposure.

Add identity surface checks to the vulnerability reporting process. Help desk authentication gaps and AI agent credential inventories belong in the same SLA framework as software CVEs. If they sit in a separate governance silo, they are in no one's governance.

Stress test pipeline capacity at 1.5x and 10x the current CVE volume. Gamblin projects 70,135 in 2026. Meyers' thought-experiment projection: frontier AI could push annual volume past 480,000. Present the capacity gap to the CFO before the next budget cycle, not after an incident proves it existed.


