National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges
None
<div class="wp-block-group tablet-padding-top50 has-light-grey-background-color has-background"> <div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-columns tablet-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex"> <div class="wp-block-column padding-right50 tablet-padding-right0 is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:60%"> <p class="back-link padding-bottom40 grey-link no-underline tablet-align-center"><a href="https://flashpoint.io/blog">Blogs</a></p> <h6 class="wp-block-heading padding-bottom5 tablet-align-center">Blog</h6> <h1 class="wp-block-heading padding-bottom30 tablet-align-center h2-style has-dark-blue-color has-text-color">National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges</h1> <p class="padding-bottom40 tablet-align-center">In this post, we examine what NVD’s shift to selective enrichment means for vulnerability workflows and how security teams can maintain visibility and prioritization at scale.</p> <div class="wp-block-columns tablet-columns tablet-align-center is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-vertically-aligned-center no-margin is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:130px"> <div class="block share align-left tablet-align-center left"> <div class="title">SHARE THIS:</div> <p> <a href="https://www.facebook.com/sharer/sharer.php?u=https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/" class="has-dark-blue-color"><br> <svg width="18" height="18" viewbox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M0 9.05025C0 13.5248 3.24975 17.2455 7.5 18V11.4998H5.25V9H7.5V6.99975C7.5 4.74975 8.94975 3.50025 11.0002 3.50025C11.6497 3.50025 12.3503 3.6 12.9998 3.69975V6H11.85C10.7498 6 10.5 6.54975 10.5 7.25025V9H12.9L12.5002 11.4998H10.5V18C14.7502 17.2455 18 13.5255 18 9.05025C18 4.0725 13.95 0 9 0C4.05 0 0 4.0725 0 9.05025Z" fill="currentColor"></path> </svg><br> </a><br> <a href="https://twitter.com/intent/tweet?text=National%20Vulnerability%20Database%20(NVD)%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges&url=https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/&%23038;via=flashpointintel" class="has-dark-blue-color"><br> <svg width="18" height="18" viewbox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> <g clip-path="url(#clip0_1936_244)"> <path d="M9 17.6646C13.9706 17.6646 18 13.7142 18 8.84111C18 3.96801 13.9706 0.0175781 9 0.0175781C4.02944 0.0175781 0 3.96801 0 8.84111C0 13.7142 4.02944 17.6646 9 17.6646Z" fill="currentColor"></path> <path d="M12.2195 4.52588H13.8313L10.3101 8.3453L14.4525 13.5426H11.2085L8.66811 10.3905L5.76133 13.5426H4.1486L7.91488 9.45735L3.94153 4.52588H7.26685L9.56315 7.40708L12.2185 4.52588H12.2195ZM11.6538 12.6271H12.5469L6.78207 5.39334H5.82368L11.6538 12.6271Z" fill="white"></path> </g> <defs> <clippath id="clip0_1936_244"> <rect width="18" height="18" fill="white"></rect> </clippath> </defs> </svg><br> </a><br> <a href="https://www.linkedin.com/shareArticle?mini=false&url=https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/&%23038;title=National%20Vulnerability%20Database%20(NVD)%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges&%23038;summary=&%23038;source=https://flashpoint.io" class="has-dark-blue-color"><br> <svg width="18" height="18" viewbox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M9 0C4.02937 0 0 4.02938 0 9C0 13.9706 4.02937 18 9 18C13.9706 18 18 13.9706 18 9C18 4.02938 13.9706 0 9 0ZM6.79687 12.7303H4.97437V6.86531H6.79687V12.7303ZM5.87437 6.14531C5.29875 6.14531 4.92656 5.7375 4.92656 5.23312C4.92656 4.71844 5.31 4.32281 5.89781 4.32281C6.48562 4.32281 6.84562 4.71844 6.85687 5.23312C6.85687 5.7375 6.48562 6.14531 5.87437 6.14531ZM13.4531 12.7303H11.6306V9.48C11.6306 8.72344 11.3662 8.20969 10.7072 8.20969C10.2037 8.20969 9.90469 8.5575 9.7725 8.89219C9.72375 9.01125 9.71156 9.18 9.71156 9.34781V12.7294H7.88812V8.73563C7.88812 8.00344 7.86469 7.39125 7.84031 6.86437H9.42375L9.50719 7.67906H9.54375C9.78375 7.29656 10.3716 6.73219 11.355 6.73219C12.5541 6.73219 13.4531 7.53562 13.4531 9.2625V12.7303Z" fill="currentColor"></path> </svg><br> </a> </p></div> </div> <div class="wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:400px"> <div class="block blog-author-info tablet-align-center"> <div class="blog-info"> <div class="img-container"><img decoding="async" src="https://flashpoint.io/wp-content/uploads/2022/06/author-image-150x150-1-150x150.png" alt="Default Author Image"></div> <div class="name"><a href="https://flashpoint.io/blog/author/flashpoint/">Flashpoint </a></div> <div class="date">April 17, 2026</div> </div> </div> </div> </div> </div> <div class="wp-block-column padding-top90 tablet-padding-top0 is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:40%"> <figure class="wp-block-image size-full border-radius"><img loading="lazy" decoding="async" width="1200" height="628" src="https://flashpoint.io/wp-content/uploads/NVD_Blog.png" alt="" class="wp-image-57869"></figure> </div> </div> </div> </div><div class="wp-block-group"> <div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="block table-of-contents"> <div class="left"> <div class="mobile-bar"> <div class="closed"><img decoding="async" src="https://flashpoint.io/wp-content/themes/flashpoint/img/icon-toc-mobile-icon.svg" type="image/svg+xml"> Table Of Contents</div> <div class="mobile-close"><img decoding="async" src="https://flashpoint.io/wp-content/themes/flashpoint/img/icon-toc-mobile-close.svg" type="image/svg+xml"></div> </div> <div class="sidebar-items-container"> <div class="links-container"> <div class="heading">Table of Contents</div> <div class="links"> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#what-changed">What Changed in NVD’s Operating Model</a></div> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#impact">The Impact on Vulnerability Workflows</a></div> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#prioritization-criteria">Prioritization Criteria Will Not Capture the Full Risk Landscape</a></div> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#vulnerability-intelligence">Vulnerability Intelligence Requires Broader Coverage and Deeper Context</a></div> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#what-to-do">Vulnerability Intelligence Requires Broader Coverage and Deeper Context</a></div> <div class="links__item"><a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/#structural-shift">A Structural Shift in Vulnerability Data</a></div> </div> <p><span class="expander">More</span></p></div> <div class="links-container"> <div class="heading">subscribe to our newsletter</div> <div class="links"><iframe loading="lazy" src="https://go.flashpoint.io/l/272312/2024-08-20/24ww895" width="100%" height="500" frameborder="0" allowtransparency="true" allowfullscreen="true" style="border:0;" class="temp-pardot-embed"></iframe></div> </div> </div> </div> <div class="right"> <p>The National Vulnerability Database (NVD) is changing how it processes and enriches vulnerability data in response to sustained growth in CVE submissions.</p> <p>Under a new model <a href="https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth" rel="noreferrer noopener">announced by the National Institute of Standards and Technology</a>, NVD will no longer enrich every CVE. Instead, enrichment efforts will focus on a defined subset, including vulnerabilities in the CISA KEV catalog, software used by the federal government, and software designated as critical.</p> <p>All other CVEs will remain in the database without additional context unless specifically requested.</p> <p>Rising disclosure volumes are placing pressure on public vulnerability infrastructure, and it has direct implications for how security teams consume and act on vulnerability data.</p> <h2 class="wp-block-heading padding-bottom25 padding-top50 has-dark-blue-color has-text-color" id="what-changed">What Changed in NVD’s Operating Model</h2> <p>For years, NVD aimed to provide consistent enrichment across all CVEs, including severity scoring, affected product data, and supporting context for prioritization.</p> <p>That approach has not been sustainable since late 2023.</p> <p>In 2025, <a href="https://flashpoint.io/resources/report/flashpoint-global-threat-intelligence-report-2026/" rel="noreferrer noopener">Flashpoint tracked</a> 44,509 disclosed vulnerabilities, 14,593 of which had publicly available exploits (and 1,944 more with proof-of-concepts). </p> <p>CVE submissions increased by 263% between 2020 and 2025, with 2026 already tracking higher year-over-year. Even with increased throughput, NVD has not been able to keep pace.</p> <p>Under the updated model:</p> <ul class="wp-block-list"> <li>CVEs meeting prioritization criteria will be enriched on an accelerated timeline</li> <li>CVEs outside those criteria will be labeled and left without enrichment</li> <li>Re-analysis of modified CVEs will occur selectively</li> <li>Separate NVD severity scoring will no longer be applied by default</li> </ul> <p>This introduces a significant structural change in how vulnerability data is published and maintained.</p> <h2 class="wp-block-heading padding-top50 padding-bottom20 has-dark-blue-color has-text-color" id="impact">The Impact on Vulnerability Workflows</h2> <p>Many security programs rely on NVD enrichment to operationalize CVE data. That enrichment provides the context needed to evaluate risk and determine remediation priorities.</p> <p>With enrichment applied selectively, teams will encounter a growing number of CVEs that include:</p> <ul class="wp-block-list"> <li>Limited or no severity scoring</li> <li>Incomplete product and version data</li> <li>Minimal context on exploitability or impact</li> <li>No CPE strings that allow for programmatic consumption of data</li> </ul> <p>At the same time, disclosure volume continues to rise, and exploitation timelines remain compressed. This creates a gap between what is disclosed and what can be acted on efficiently.</p> <p>Security teams will need to account for:</p> <ul class="wp-block-list"> <li>Larger backlogs of CVEs without actionable context</li> <li>Increased manual effort to evaluate relevance and risk</li> <li>Greater variability in data quality across sources</li> </ul> <p>These changes affect vulnerability management, threat intelligence, and security operations workflows simultaneously.</p> <h2 class="wp-block-heading padding-top50 padding-bottom20 has-dark-blue-color has-text-color" id="prioritization-criteria">Prioritization Criteria Will Not Capture the Full Risk Landscape</h2> <p>NVD’s updated model focuses enrichment on a defined set of criteria, including known exploited vulnerabilities and software relevant to federal systems.</p> <p>These categories represent important segments of risk, but they do not encompass the full set of vulnerabilities that organizations encounter in practice.</p> <p>Modern environments include:</p> <ul class="wp-block-list"> <li>Open-source dependencies</li> <li>SaaS platforms and APIs</li> <li>Cloud infrastructure and services</li> <li>Third-party and partner integrations</li> </ul> <p>Many vulnerabilities affecting these environments fall outside formal prioritization frameworks or lack immediate classification within public datasets. As a result, security teams will continue to face exposure from vulnerabilities that are:</p> <ul class="wp-block-list"> <li>Actively exploited but not yet included in prioritized lists</li> <li>Missing complete metadata or enrichment</li> <li>Relevant to their environment but not captured by federal-centric criteria</li> </ul> <h2 class="wp-block-heading padding-top50 padding-bottom20 has-dark-blue-color has-text-color" id="vulnerability-intelligence">Vulnerability Intelligence Requires Broader Coverage and Deeper Context</h2> <p>As public enrichment becomes more selective, organizations will rely more heavily on alternative sources to maintain visibility and context.</p> <p>Effective <a href="https://flashpoint.io/ignite/vulnerability-intelligence/" rel="noreferrer noopener">vulnerability intelligence</a> requires:</p> <ul class="wp-block-list"> <li>Coverage across CVE and non-CVE vulnerabilities</li> <li>Continuous tracking of exploitation activity and adversary usage</li> <li>Context on exploit maturity, and remediation</li> <li>Consistent enrichment that can be integrated into operational workflows</li> </ul> <p>This level of detail supports faster and more accurate decision-making in environments where both volume and speed are increasing.</p> <p>Flashpoint’s vulnerability intelligence model is built to address these requirements, with a dataset that includes over <a href="https://flashpoint.io/blog/flashpoint-surpasses-cataloging-7000-known-exploited-vulnerabilities/" rel="noreferrer noopener">7,000 known exploited vulnerabilities</a> and ongoing analyst-driven enrichment across global sources.</p> <h2 class="wp-block-heading padding-top50 padding-bottom20" id="what-to-do">What Security Teams Should Do Next</h2> <p>This shift in NVD operations does not change the need to track CVEs. It changes how that data can be used. Security teams should evaluate how their current workflows depend on:</p> <ul class="wp-block-list"> <li>NVD enrichment for prioritization</li> <li>CVSS scoring as a primary decision input</li> <li>Completeness of public vulnerability data</li> </ul> <p>From there, teams can take steps to strengthen resilience:</p> <ul class="wp-block-list"> <li>Incorporate sources of vulnerability intelligence that cover CVE and more</li> <li>Align prioritization to exploitation activity and environmental relevance</li> <li>Validate coverage across software, cloud, and third-party dependencies</li> <li>Ensure that enrichment gaps do not delay remediation decisions</li> </ul> <h2 class="wp-block-heading padding-top50 padding-bottom20" id="structural-shift">A Structural Shift in Vulnerability Data</h2> <p>For many teams, NVD has been a default source of vulnerability context. This change makes clear that its role is narrowing at a time when disclosure volume and prioritization demands are increasing.</p> <p>At the same time, the role of vulnerability intelligence is expanding.</p> <p>Security teams need access to data that supports prioritization, not just identification. They need consistent enrichment, faster turnaround, broader coverage, and context tied to real-world activity. As disclosure volumes continue to grow, those requirements become more central to how organizations manage risk.</p> <p>Flashpoint’s Vulnerability Intelligence provides this level of coverage and context, with analyst-driven enrichment, global visibility across CVE and non-CVE vulnerabilities, and a dataset that includes over 7,000 known exploited vulnerabilities.</p> <p><a href="https://flashpoint.io/demo/" rel="noreferrer noopener">Request a demo</a> to see how Flashpoint helps security teams prioritize and act on vulnerability risk with greater precision and confidence.</p> </div> </div> </div> </div><div class="wp-block-group padding-top0"> <div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group max-width-medium border-radius padding-top70 padding-bottom70 has-primary-blue-background-color has-background"> <div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <h2 class="wp-block-heading has-text-align-center padding-bottom30 has-primary-white-color has-text-color">Begin your free trial today.</h2> <div class="wp-block-columns tablet-columns text-align-center is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-vertically-aligned-center padding-right25 tablet-padding-right0 is-layout-flow wp-block-column-is-layout-flow"> <div class="block button-cta tablet-center"><a href="https://flashpoint.io/free-trial" class="btn-primary-white solid has-primary-blue-color no-icon right">Get a Free Trial</a></div> </div> <div class="wp-block-column is-vertically-aligned-center tablet-align-center is-layout-flow wp-block-column-is-layout-flow"> <p class="link white with-arrow bold padding-bottom0"><a href="https://flashpoint.io/contact-us/">Contact Sales</a></p> </div> </div> </div> </div> </div> </div><p>The post <a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/">National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges</a> appeared first on <a href="https://flashpoint.io/">Flashpoint</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/" data-a2a-title="National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fnational-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges%2F&linkname=National%20Vulnerability%20Database%20%28NVD%29%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fnational-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges%2F&linkname=National%20Vulnerability%20Database%20%28NVD%29%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fnational-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges%2F&linkname=National%20Vulnerability%20Database%20%28NVD%29%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fnational-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges%2F&linkname=National%20Vulnerability%20Database%20%28NVD%29%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fnational-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges%2F&linkname=National%20Vulnerability%20Database%20%28NVD%29%20Shifts%20to%20Selective%20Enrichment%20as%20CVE%20Volume%20Surges" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://flashpoint.io/blog/">Threat Intelligence Blog | Flashpoint</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Flashpoint">Flashpoint</a>. Read the original post at: <a href="https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/">https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/</a> </p>