Bastion Codex – Weekly Defender Brief (2026-05-18)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Week of 2026-05-18

Executive Snapshot

  • 1894 CVEs observed in the last 7 days
  • 143 Critical
  • 730 High
  • 4 KEV-listed vulnerabilities in the last 30 days

Week-over-Week Movement

  • Total CVEs: +280 (from 1614 to 1894, +17.3%)
  • Critical: +20 (from 123 to 143, +16.3%)
  • High: +230 (from 500 to 730, +46.0%)
  • Medium: +193 (from 476 to 669, +40.5%)
  • Low: +3 (from 68 to 71, +4.4%)
  • Unknown: -166 (from 447 to 281, -37.1%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 143
  • High: 730
  • Medium: 669
  • Low: 71
  • Unknown: 281

Top Vendors (30 Days)

  • Cisco: 1
  • Linux: 1
  • Microsoft: 1
  • Palo Alto Networks: 1

Top Products (30 Days)

  • Catalyst SD-WAN: 1
  • Kernel: 1
  • Microsoft: 1
  • PAN-OS: 1

Priority Watchlist (Top 10)

  • CVE-2026-20182 | CVSS: 10.0 | KEV: True | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was d
  • CVE-2024-7593 | CVSS: 9.8 | KEV: True | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated a
  • CVE-2026-24858 | CVSS: 9.8 | KEV: True | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.
  • CVE-2026-0300 | CVSS: 9.8 | KEV: True | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software all
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali
  • CVE-2026-42897 | CVSS: 8.1 | KEV: True | Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server allows an unauthorized att
  • CVE-2023-4911 | CVSS: 7.8 | KEV: True | A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This
  • CVE-2026-31431 | CVSS: 7.8 | KEV: True | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reve
  • CVE-2023-44487 | CVSS: 7.5 | KEV: True | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as
  • CVE-2024-50302 | CVSS: 5.5 | KEV: True | In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer i


Generated via Bastion Codex pipeline at 2026-05-18T15:00:18.358543+00:00