Headline KEV figures as of 2026-07-03 · vendor table snapshot 2026-06-08

The vulnerability top-15 club — and what its products have in common

Some 6,893 vendors published at least one CVE in the last 24 months. Fifteen of them account for 48% of every Known Exploited Vulnerabilities (“KEV”) catalogue addition over the last year. Once you look at the list, the products inside it fall into three tidy clusters — and one entrant that doesn’t fit any of them.

The fifteen

Here are the fifteen vendors, plotted by how many CVEs they published in the last 24 months against how many of those landed on KEV in the last year. The distance from the diagonals is the whole story: a handful of vendors turn a small catalogue into outsized exploitation, while the high-volume names sit at or below the 1%-exploited line. The full ranking is in the table further down.

Figure 1 (image not reproduced): log-log scatter of CVE volume vs KEV adds for the top-15 vendors, coloured by cluster, with 0.1%, 1% and 10% exploitation-rate guide lines.
Figure 1. KEV adds (last 365 days) against CVEs published (last 24 months), log-log. Diagonals mark constant exploitation rates. Vendors above the 10% line, LiteLLM and Citrix, convert a tiny catalogue into heavy exploitation; the endpoint-OS giants sit between the 0.1% and 1% lines, with the Linux kernel closest to 0.1%.

Endpoint OS (memory-safety bugs)

Five of the fifteen are general-purpose operating systems and their two big browsers: Microsoft Windows, Apple macOS / iOS, Google Chrome / Android, the Linux kernel, and Debian. The signature weakness here is CWE-416, use-after-free, for four of the five. Linux is the outlier with CWE-476 null-pointer dereference on top, but use-after-free is its number-two weakness. These are products with a billion-plus installed base, written in C/C++, where a single dangling pointer becomes a code-execution primitive.

What unites this cluster operationally is that the bugs reach attackers via endpoint compromise: a malicious page, a malicious document, or a malicious neighbour process. The defender’s job is patching cadence and exploit-mitigation (ASLR / CFG / shadow stack) hardening, not network segmentation.

Edge appliances (injection + authz bypass)

Five of the fifteen are appliances that sit on the internet-facing edge: Cisco ASA / IOS XE, Fortinet FortiOS, Citrix NetScaler, Ivanti Connect Secure, and Siemens telecontrol gear. The signature weaknesses are different from the endpoint-OS cluster: OS command injection (CWE-78), path traversal (CWE-22), SQL injection (CWE-89), and privilege-management bugs (CWE-269).

These bugs live in management interfaces written in PHP, Perl, or homemade C wrappers around shell, where authenticated or unauthenticated input crosses a trust boundary into exec, the filesystem, or the database. Once compromised, the appliance becomes a perimeter pivot: VPN sessions, IPsec tunnels, or the management LAN itself. That leverage is why ransomware crews keep picking them.

Enterprise / management apps (XSS + authz)

Four of the fifteen are enterprise applications and middleware: SolarWinds, Oracle, Adobe, and VMware. The signature weaknesses are cross-site scripting (CWE-79), improper access control (CWE-284), and path traversal (CWE-22): classic web-app bug classes, exploited the way enterprise web apps have been exploited for fifteen years. The difference in 2026 is that these products now sit in front of admin consoles for AD permissions, the virtualisation fabric, content pipelines, and databases, so a successful exploit buys lateral movement at administrator level.

The newcomer: LiteLLM

LiteLLM, the open-source LLM proxy used in front of OpenAI, Anthropic, and self-hosted model endpoints, picked up two KEV adds in the last 365 days off only 17 published CVEs. That is one of the highest per-CVE exploitation rates in the list (~12%), in the same tier as Citrix. The two are a CWE-89 SQL-injection bug and a CWE-78 OS-command-injection bug in the gateway’s admin / model-routing logic. It is the first time a product in the AI infrastructure stack has landed in the top exploitation tier, and it almost certainly won’t be the last: vector databases, model gateways, and evaluation harnesses all share the LiteLLM profile (small team, big install base, network-facing, authorization written in a hurry).

The full ranking

Ranked by KEV adds in the last 365 days; ties are in no particular order. The CVE column is total CVEs published over the last 24 months; the ratio of the two columns is the per-CVE exploitation rate.

 #  Vendor        KEV (365d)  CVEs (24mo)  Cluster         Signature CWE                Top product
 1  Microsoft             40        4,524  Endpoint OS     CWE-416 use-after-free       Windows
 2  Apple                 19        2,793  Endpoint OS     CWE-416 use-after-free       macOS / iOS
 3  Google                13        2,369  Endpoint OS     CWE-416 use-after-free       Chrome / Android
 4  Cisco                 13          442  Edge appliance  CWE-78 OS-command injection  ASA / IOS XE
 5  Linux Kernel          11        9,432  Endpoint OS     CWE-476 null-deref           Linux kernel
 6  Fortinet               7          368  Edge appliance  CWE-78 OS-command injection  FortiOS / FortiManager
 7  Debian                 7          769  Endpoint OS     CWE-416 use-after-free       Debian Linux
 8  Citrix                 4           30  Edge appliance  CWE-269 privilege mgmt       NetScaler ADC / Gateway
 9  Ivanti                 4          237  Edge appliance  CWE-89 SQL injection         Connect Secure / Policy Secure
10  SolarWinds             4           57  Enterprise app  CWE-22 path traversal        Access Rights Manager / Web Help Desk
11  Oracle                 3          678  Enterprise app  CWE-284 improper access      MySQL / VirtualBox
12  Adobe                  3        1,500  Enterprise app  CWE-79 XSS                   Experience Manager / Magento
13  Siemens                3          330  Edge appliance  CWE-89 SQL injection         Telecontrol / SCALANCE
14  VMware                 3           83  Enterprise app  CWE-79 XSS                   Cloud Foundation
15  LiteLLM                2           17  AI stack        CWE-78 OS-command injection  LiteLLM proxy

Access beats volume

The single most useful number to draw from this list is KEV adds per published CVE. Linux ships 9,432 CVEs in 24 months and 11 of them are exploited, a ratio of 0.12%. Citrix ships 30 and gets 4 exploited: 13.3%, more than 100× higher. Adobe sits at 0.2%, Microsoft at 0.9%, Cisco at 2.9%, Fortinet at 1.9%, Ivanti at 1.7%, SolarWinds at 7%, and LiteLLM at 11.8%.

The headline metric isn’t how many CVEs you publish. It’s how many of those CVEs unlock something attackers want — an edge appliance with VPN sessions behind it, an admin console with control of the virtualisation fabric, or an authentication proxy in front of every model call.

What this implies for defenders

If you’re building a vendor-risk view from the inside, a headcount of CVEs across your installed base is the wrong signal. The right signal is: how many of those CVEs are in edge appliances, endpoint OSes, enterprise admin apps, and now AI gateways? The four buckets in the top-15 list account for almost all exploitation leverage. Inventory by cluster, not by vendor count.

The controls that matter differ by cluster: patching cadence and exploit-mitigation hardening for the endpoint OSes, where the bug arrives in a page or a document; reachability of the management interface for the edge appliances and admin apps, where the bug is injection or an authorization bypass and the prize is the access behind the box; and the same reachability question, asked early, for the AI gateways that are starting to show the edge-appliance pattern.
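To make "inventory by cluster, not by vendor count" concrete, here is an added example (mine, not code from this page or from any vendor named on it) that recomputes the exploitation rates and cluster totals from the table above and then re-bins an asset inventory by cluster. The VENDORS rows are transcribed from the table; the INVENTORY dictionary and the vendor name "ExampleCorp" are constructed for illustration and stand for nothing real.

```python
"""Added example: recompute the page's 'access beats volume' view from the
top-15 table and re-bin an asset inventory by cluster.

VENDORS is transcribed from the table on this page (KEV adds in the last
365 days, CVEs published in the last 24 months, cluster label).
INVENTORY and the vendor name "ExampleCorp" are constructed for illustration.
"""
from collections import defaultdict

# (vendor, KEV adds 365d, CVEs 24mo, cluster), as in the page's table
VENDORS = [
    ("Microsoft", 40, 4524, "Endpoint OS"),
    ("Apple", 19, 2793, "Endpoint OS"),
    ("Google", 13, 2369, "Endpoint OS"),
    ("Cisco", 13, 442, "Edge appliance"),
    ("Linux Kernel", 11, 9432, "Endpoint OS"),
    ("Fortinet", 7, 368, "Edge appliance"),
    ("Debian", 7, 769, "Endpoint OS"),
    ("Citrix", 4, 30, "Edge appliance"),
    ("Ivanti", 4, 237, "Edge appliance"),
    ("SolarWinds", 4, 57, "Enterprise app"),
    ("Oracle", 3, 678, "Enterprise app"),
    ("Adobe", 3, 1500, "Enterprise app"),
    ("Siemens", 3, 330, "Edge appliance"),
    ("VMware", 3, 83, "Enterprise app"),
    ("LiteLLM", 2, 17, "AI stack"),
]

# Constructed inventory: {vendor: number of assets running its product}.
# "ExampleCorp" is a made-up vendor outside the top 15, to show the fall-through.
INVENTORY = {
    "Microsoft": 800,
    "Linux Kernel": 1200,
    "Citrix": 2,
    "Fortinet": 6,
    "VMware": 12,
    "LiteLLM": 1,
    "ExampleCorp": 3,
}


def exploitation_rate(kev: int, cves: int) -> float:
    """KEV adds per published CVE, as a fraction (0.133 means 13.3%)."""
    return kev / cves if cves else 0.0


def rank_by_volume(rows=VENDORS):
    """The CVE-headcount ordering the page argues against: most CVEs first."""
    return sorted(((v, cves) for v, _, cves, _ in rows), key=lambda r: r[1], reverse=True)


def rank_by_rate(rows=VENDORS):
    """Vendors ordered by KEV adds per CVE, highest first."""
    scored = [(v, exploitation_rate(kev, cves)) for v, kev, cves, _ in rows]
    return sorted(scored, key=lambda r: r[1], reverse=True)


def cluster_totals(rows=VENDORS):
    """Sum KEV adds and CVEs per cluster and derive the cluster-level rate."""
    agg = defaultdict(lambda: {"vendors": 0, "kev": 0, "cves": 0})
    for _, kev, cves, cluster in rows:
        agg[cluster]["vendors"] += 1
        agg[cluster]["kev"] += kev
        agg[cluster]["cves"] += cves
    for c in agg.values():
        c["rate"] = exploitation_rate(c["kev"], c["cves"])
    return dict(agg)


def inventory_by_cluster(inventory, rows=VENDORS):
    """Re-bin {vendor: asset_count} into the page's clusters.

    Per cluster: assets you run, distinct KEV entries those vendors contributed
    in the last year, and CVEs you would have to triage by headcount. Vendors
    outside the table are returned separately so they are not silently dropped.
    """
    by_vendor = {v: (kev, cves, cluster) for v, kev, cves, cluster in rows}
    grouped = defaultdict(lambda: {"assets": 0, "kev_adds": 0, "cves": 0})
    unmatched = []
    for vendor, count in inventory.items():
        if vendor not in by_vendor:
            unmatched.append(vendor)
            continue
        kev, cves, cluster = by_vendor[vendor]
        grouped[cluster]["assets"] += count
        grouped[cluster]["kev_adds"] += kev
        grouped[cluster]["cves"] += cves
    for g in grouped.values():
        g["rate"] = exploitation_rate(g["kev_adds"], g["cves"])
    return dict(grouped), unmatched


if __name__ == "__main__":
    print("By CVE volume:", [v for v, _ in rank_by_volume()[:3]])
    print("By KEV rate:  ", [f"{v} {r:.1%}" for v, r in rank_by_rate()[:3]])
    for cluster, c in sorted(cluster_totals().items(), key=lambda kv: -kv[1]["rate"]):
        print(f"{cluster:15s} {c['kev']:3d} KEV / {c['cves']:6d} CVEs = {c['rate']:.2%}")
    grouped, unmatched = inventory_by_cluster(INVENTORY)
    for cluster, g in grouped.items():
        print(f"{cluster:15s} {g['assets']:5d} assets, {g['kev_adds']:3d} KEV, {g['cves']:6d} CVEs")
    print("Not in the top-15 table:", unmatched)
```

Running it shows the inversion this section describes: by CVE volume the Linux kernel ranks first, by exploitation rate Citrix and LiteLLM do, and at cluster level the five edge-appliance vendors convert CVEs into KEV entries at roughly five times the rate of the five endpoint-OS vendors (31 of 1,407 against 90 of 19,887). The constructed inventory makes the same point from the defender's side: 2,000 endpoint assets carry 51 KEV entries, while 8 edge appliances carry 11.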

Data: vendor_cve_stats + kev_catalog in MongoDB; vendor table snapshot 2026-06-08, headline KEV share recomputed 2026-07-03. For the headline share, KEV vendor names are normalised to the vendors named here (Broadcom’s VMware products → VMware, BerriAI → LiteLLM, Android → Google). Cluster assignment is mine, not CISA’s. The full per-vendor research pages, including 24-month volume sparklines and KEV detail tables, live at /vendor-compare.html.