
During Operation Lunar Peril in November 2024, attackers gained unauthenticated remote admin access, and ultimately root, on more than 13,000 exposed Palo Alto Networks management interfaces. Palo Alto Networks scored CVE-2024-0012 at 9.3 and CVE-2024-9474 at 6.9 under CVSS v4.0. The NVD scored the same pair 9.8 and 7.2 under CVSS v3.1. Two scoring systems. Two different answers for the same vulnerabilities. The 6.9 fell below most patch thresholds because administrator access appeared to be required. The 9.3 sat queued for a maintenance window. The split persisted.
"Adversaries get around [severity ratings] by chaining weaknesses together," Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, told VentureBeat in an exclusive interview on April 22, 2026. On the triage logic that missed the chain: "He had amnesia only 30 seconds ago."
Both CVEs are on CISA's Known Exploited Vulnerabilities (KEV) catalog. Neither score flagged the kill chain. The triage logic that consumed those scores treated each CVE as a separate event, and so did the SLA dashboards and the board reports fed from them.
CVSS did exactly what it was designed to do: score one vulnerability at a time. The problem is that adversaries do not attack one vulnerability at a time.
"CVSS base scores are theoretical measures of severity that ignore real-world context," wrote Peter Chronis, former CISO of Paramount and a security leader with Fortune 100 experience. By moving beyond CVSS-first prioritization at Paramount, Chronis reported reducing actionable critical and high-risk vulnerabilities by 90%. Chris Gibson, executive director of FIRST, the organization that maintains CVSS, has been equally direct: using the CVSS base score alone is the "least appropriate and accurate" method, Gibson told The Register. FIRST's own EPSS and CISA's SSVC decision model address this gap by adding exploitation probability and decision-tree logic on top of the base score.
The five triage failure classes CVSS was never designed to capture
In 2025, 48,185 CVEs were disclosed, an increase of 20.6% year-on-year. Jerry Gamblin, principal engineer for Cisco Threat Detection and Response, projects 70,135 for 2026. The infrastructure behind the score is buckling under that weight. NIST announced on April 15 that CVE submissions had increased by 263% since 2020, and that NVD will now prioritize enrichment only for CVEs on the KEV catalog and for federally critical software.
1. Chained CVEs that look safe until they aren’t
The Palo Alto Networks pair from Operation Lunar Peril is the textbook case. CVE-2024-0012 bypasses authentication. CVE-2024-9474 escalates privileges. Scored separately under both CVSS v4.0 and v3.1, the escalation flaw fell below most enterprise patch thresholds because administrator access appeared to be required. The authentication bypass upstream removed that precondition entirely. Neither score communicated the compound effect.
Meyers described the operational psychology: teams evaluated each CVE independently, deprioritizing the lower score and queuing the higher one for a maintenance window.
2. Nation-state adversaries who weaponize disclosures within days
The CrowdStrike 2026 Global Threat Report recorded a 42% year-over-year increase in vulnerabilities exploited as zero-days before public disclosure. Average breakout time in observed intrusions: 29 minutes. Fastest observed breakout: 27 seconds. China-aligned adversaries weaponized newly published vulnerabilities within two to six days of disclosure.
"Earlier, Patch Tuesday used to happen once a month. Now it's patching every day, all the time. This is what this new world looks like," said Daniel Bernard, chief business officer of CrowdStrike. A KEV addition treated as a regular queue item on Tuesday is an active exploitation window by Thursday.
3. Aging CVEs that nation-state actors cash in years later
Salt Typhoon reached the communications of senior US political figures during the presidential transition by chaining CVE-2023-20198 with CVE-2023-20273 on Internet-facing Cisco devices: a privilege-escalation pair patched in October 2023 and still unapplied more than a year later. Compromised credentials provided a parallel entry vector. The patches existed. Neither had been applied.
According to the CrowdStrike 2026 Global Threat Report, 67 percent of the vulnerabilities exploited by China-nexus adversaries in 2025 were remote code execution flaws, which provided immediate system access. CVSS does not change a score based on how long a CVE has been left unpatched. No board metric tracks legacy KEV exposure.
That silence is the exposure.
4. Identity gaps that never enter the scoring system
A 2023 help desk social engineering call against a major enterprise resulted in losses of more than $100 million. No CVE was assigned. No CVSS score existed. No patch-pipeline entry was created. The gap was a manual identity-verification process, entirely outside the scoring system's aperture.
"A professional requires zero days if all you have to do is call the help desk and say I have forgotten my password," Meyers said.
Agentic AI systems now have their own identity credentials, API tokens and permission scopes, and they operate outside the traditional vulnerability management regime. EncryptAI's CSO Merritt Baer has argued on the record that these identity-surface weaknesses belong in the same reporting pipeline as software CVEs. In most organizations, the help desk authentication gap and the agentic AI credential inventory sit in separate governance silos. In practice, no one owns them.
5. AI-accelerated discovery that breaks pipeline capacity
Anthropic's Claude Mythos preview demonstrated autonomous vulnerability discovery, exploiting a 27-year-old unsigned integer overflow in OpenBSD's TCP SACK implementation, run across roughly 1,000 scaffolds at a total compute cost under $20,000. Meyers offered a thought-experiment projection in an exclusive interview with VentureBeat: if frontier AI increases volume 10x, the result is roughly 480,000 CVEs annually. Pipelines built for 48,000 strain at 70,000 and collapse at 480,000. NVD enrichment for non-KEV submissions has already ended.
"If the adversary is now able to find vulnerabilities faster than the defenders or the business can, that is a bigger problem, because those vulnerabilities become exploitable," said Daniel Bernard, chief business officer of CrowdStrike.
CrowdStrike on Thursday launched Project Quiltworks, a remediation alliance with Accenture, EY, IBM Cyber Security Services, Kroll and OpenAI, created to address the volume of vulnerabilities now being surfaced in production code by frontier AI models. When five major firms form an alliance around a pipeline problem, the signal is that no single organization's patch workflow can keep pace.
Security Director Action Plan
The five failure classes above map to five specific actions.
Run a chain-dependency audit on every KEV CVE in the environment this month. Flag any co-resident CVE scored 5.0 or higher, the band where privilege escalation and lateral movement capabilities typically appear in CVSS vectors. Treat any pair that combines an authentication bypass with a privilege escalation as critical regardless of the individual scores.
Compress the KEV-to-patch SLA to 72 hours for Internet-facing systems. The CrowdStrike 2026 Global Threat Report breakout data, an average of 29 minutes and a fastest of 27 seconds, makes a weekly patch window indefensible in a board presentation.
Create a monthly KEV aging report for the board: each unpatched KEV CVE, days since disclosure, days since patch availability, and owner. Salt Typhoon exploited a Cisco CVE patched 14 months earlier because no escalation path existed for the aging vulnerability.
Add identity-surface controls to the vulnerability reporting pipeline. Help desk authentication gaps and the agentic AI credential inventory belong in the same SLA framework as CVEs. If they sit in a separate governance silo, they sit under no one's governance.
Stress-test pipeline capacity at 1.5x and 10x current CVE volume. Gamblin projects 70,135 for 2026. Meyers' thought-experiment projection: frontier AI could push annual volume beyond 480,000. Present the capacity gap to the CFO before the next budget cycle, not after the breach that proves the gap existed.