Bastion Codex – Weekly Defender Brief (2026-05-25)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Week of 2026-05-25

Executive Snapshot

  • 970 CVEs observed in the last 7 days
  • 107 Critical
  • 305 High
  • 4 KEV-listed vulnerabilities in the last 30 days

Week-over-Week Movement

  • Total CVEs: -924 (from 1894 to 970, -48.8%)
  • Critical: -36 (from 143 to 107, -25.2%)
  • High: -425 (from 730 to 305, -58.2%)
  • Medium: -286 (from 669 to 383, -42.8%)
  • Low: -32 (from 71 to 39, -45.1%)
  • Unknown: -145 (from 281 to 136, -51.6%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 107
  • High: 305
  • Medium: 383
  • Low: 39
  • Unknown: 136

Top Vendors (30 Days)

  • Microsoft: 2
  • Drupal: 1
  • Trend Micro: 1

Top Products (30 Days)

  • Defender: 2
  • Apex One: 1
  • Core: 1

Priority Watchlist (Top 10)

  • CVE-2008-4250 | CVSS: 9.8 | KEV: True | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta a
  • CVE-2026-33017 | CVSS: 9.8 | KEV: True | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp
  • CVE-2026-9082 | CVSS: 9.8 | KEV: True | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Drupal Drupal core allows SQL Injectio
  • CVE-2009-1537 | CVSS: 8.8 | KEV: True | Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows
  • CVE-2009-3459 | CVSS: 8.8 | KEV: True | Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to exe
  • CVE-2010-0249 | CVSS: 8.8 | KEV: True | Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2
  • CVE-2010-0806 | CVSS: 8.8 | KEV: True | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote at
  • CVE-2025-34291 | CVSS: 8.8 | KEV: True | Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An over
  • CVE-2026-31431 | CVSS: 7.8 | KEV: True | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reve
  • CVE-2026-41091 | CVSS: 7.8 | KEV: True | Improper link resolution before file access (‘link following’) in Microsoft Defender allows an authorized attacker to elevate privileges loc

Generated via Bastion Codex pipeline at 2026-05-25T15:49:39.546779+00:00