Bastion Codex – Weekly Defender Brief (2026-04-13)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Week of 2026-04-13

Executive Snapshot

  • 1643 CVEs observed in the last 7 days
  • 135 Critical
  • 526 High
  • 1 KEV-listed vulnerability in the last 30 days

Week-over-Week Movement

  • Total CVEs: +286 (from 1357 to 1643, +21.1%)
  • Critical: +21 (from 114 to 135, +18.4%)
  • High: +84 (from 442 to 526, +19.0%)
  • Medium: +50 (from 494 to 544, +10.1%)
  • Low: -11 (from 55 to 44, -20.0%)
  • Unknown: +142 (from 252 to 394, +56.3%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 135
  • High: 526
  • Medium: 544
  • Low: 44
  • Unknown: 394

Top Vendors (30 Days)

  • Fortinet: 1

Top Products (30 Days)

  • FortiClient EMS: 1

Priority Watchlist (Top 10)

  • CVE-2026-1340 | CVSS: 9.8 | KEV: True | A code injection vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
  • CVE-2026-35616 | CVSS: 9.8 | KEV: True | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unau
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali
  • CVE-2021-30633 | CVSS: None | KEV: True | Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer proce
  • CVE-2021-34527 | CVSS: None | KEV: True | Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privile
  • CVE-2015-1642 | CVSS: None | KEV: True | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
  • CVE-2006-2492 | CVSS: None | KEV: True | Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
  • CVE-2016-6367 | CVSS: None | KEV: True | A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a de
  • CVE-2025-25257 | CVSS: None | KEV: True | Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or comm
  • CVE-2021-36942 | CVSS: None | KEV: True | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on

Generated via Bastion Codex pipeline at 2026-04-13T13:05:54.932751+00:00