66% of analyzed CVEs had minimal real-world applicability.

May 27, 2026

66% of analyzed CVEs had minimal real-world applicability. — This cybersecurity statistic was published by JFrog in May 2026. It covers topics including Vulnerabilities, Risk Assessment, CVEs. The original data appears in 2026 Software Supply Chain Security State of the Union. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 5/20/2026

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

66% of analyzed CVEs had minimal real-world applicability. This data was published by JFrog and covers Vulnerabilities, Risk Assessment, CVEs.

Where does this data come from?

This statistic comes from 2026 Software Supply Chain Security State of the Union, published by JFrog on May 27, 2026. You can view the original report at https://jfrog.com/software-supply-chain-state-of-union/.

What cybersecurity topics does this cover?

This statistic relates to Vulnerabilities, Risk Assessment, CVEs. Browse more statistics on Vulnerabilities or from JFrog.

CYBERSTATS

66% of analyzed CVEs had minimal real-world applicability.

Source

Share or Copy this stat

Frequently Asked Questions

Want More Statistics Like This?

Related Statistics

Over 48,000 CVEs were published globally in 2025, an 18% year-on-year increase.

From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.

Three of four Chinese LLMs generate hidden security vulnerabilities when prompted with a U.S. government persona.

Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.

9% of Nordic CISOs cited vulnerabilities as their primary concern.

73% of Nordic CISOs either explicitly state that no vulnerabilities have been exploited or are unable to point out concrete cases.

Browse by Topic

Stay Ahead of Cyber Threats