Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

Dragos
February 22, 2026
VulnerabilitiesVulnerability ScoringICS-CERTNVD VulnerabilitiesCVSS Scores

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores. — This cybersecurity statistic was published by Dragos in February 2026. It covers topics including Vulnerabilities, Vulnerability Scoring, ICS-CERT, NVD Vulnerabilities, CVSS Scores. The original data appears in 2026 OT Cybersecurity Year in Review . For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 2/17/2026

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores. This data was published by Dragos and covers Vulnerabilities, Vulnerability Scoring, ICS-CERT, NVD Vulnerabilities, CVSS Scores.

Where does this data come from?

This statistic comes from 2026 OT Cybersecurity Year in Review , published by Dragos on February 22, 2026. You can view the original report at https://www.dragos.com/ot-cybersecurity-year-in-review.

What cybersecurity topics does this cover?

This statistic relates to Vulnerabilities, Vulnerability Scoring, ICS-CERT, NVD Vulnerabilities, CVSS Scores. Browse more statistics on Vulnerabilities or from Dragos.

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.

Flashpoint2/14/2026
VulnerabilitiesExploit TrendsN-Day Vulnerabilities

Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).

Flashpoint2/14/2026
RansomwareVulnerabilitiesBlackBasta

In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.

Flashpoint2/14/2026
VulnerabilitiesN-Day VulnerabilitiesZero-Day Vulnerabilities

71% of exploited vulnerabilities are not in the CISA KEV catalog.

Forescout Technologies Inc2/5/2026
VulnerabilitiesKEV

242 vulnerabilities are added to the CISA Known Exploited Vulnerabilities catalog, a 30% year-over-year increase, and 285 vulnerabilities are added to the Vedere Labs KEV, a 213% year-over-year increase.

Forescout Technologies Inc2/5/2026
VulnerabilitiesKEV

AI-generated code results in 15–18% more security vulnerabilities per line of code compared to human-written code.

Opsera2/4/2026
Software SecurityVulnerabilities

Browse by Topic

VulnerabilitiesVulnerability ScoringICS-CERTNVD VulnerabilitiesCVSS ScoresMore from Dragos

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights