Bastion Codex – Weekly Defender Brief (2026-05-04)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Week of 2026-05-04

Executive Snapshot

  • 1069 CVEs observed in the last 7 days
  • 83 Critical
  • 374 High
  • 3 KEV-listed vulnerabilities in the last 30 days

Week-over-Week Movement

  • Total CVEs: -574 (from 1643 to 1069, -34.9%)
  • Critical: -52 (from 135 to 83, -38.5%)
  • High: -152 (from 526 to 374, -28.9%)
  • Medium: -144 (from 544 to 400, -26.5%)
  • Low: -8 (from 44 to 36, -18.2%)
  • Unknown: -218 (from 394 to 176, -55.3%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 83
  • High: 374
  • Medium: 400
  • Low: 36
  • Unknown: 176

Top Vendors (30 Days)

  • Linux: 1
  • Microsoft: 1
  • WebPros: 1

Top Products (30 Days)

  • Kernel: 1
  • Windows: 1
  • cPanel & WHM and WP2 (WordPress Squared): 1

Priority Watchlist (Top 10)

  • CVE-2026-41940 | CVSS: 9.8 | KEV: True | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote atta
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali
  • CVE-2024-1708 | CVSS: 8.4 | KEV: True | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execut
  • CVE-2026-31431 | CVSS: 7.8 | KEV: True | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reve

  • CVE-2026-32202 | CVSS: 4.3 | KEV: True | Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
  • CVE-2021-33766 | CVSS: None | KEV: True | Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffi
  • CVE-2023-33009 | CVSS: None | KEV: True | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification
  • CVE-2021-21224 | CVSS: None | KEV: True | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a craft
  • CVE-2021-38647 | CVSS: None | KEV: True | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote c
  • CVE-2020-11978 | CVSS: None | KEV: True | A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

Generated via Bastion Codex pipeline at 2026-05-04T16:06:24.731162+00:00