Intel Node
Exploits and vulnerabilities in Q1 2026
This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.
During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.
Statistics on registered vulnerabilities
This section provides statistical data on registered vulnerabilities. The data is sourced from cve.org. We examine the number of registered CVEs for each month starting from January 2022.
The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.
[Figure: Total published vulnerabilities per month from 2022 through 2026]
Next, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.
[Figure: Total critical vulnerabilities published per month from 2022 through 2026]
The graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible.
At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.
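The monthly totals and the CVSS > 8.9 cut-off described in this section can be reproduced from CVE records with a short script. This is an added example, not the report's own tooling: it assumes records in the CVE Record Format v5 layout (`cveMetadata`, `containers.cna`, `containers.adp`), and taking the highest base score across containers and CVSS versions is an assumption, since the report does not state its scoring rule.

```python
from collections import defaultdict

CRITICAL_ABOVE = 8.9  # the report's cut-off: CVSS > 8.9
CVSS_KEYS = ("cvssV4_0", "cvssV3_1", "cvssV3_0", "cvssV2_0")

def max_base_score(record):
    """Highest base score in the CNA and ADP containers, else None (assumed rule)."""
    containers = record.get("containers", {})
    blocks = [containers.get("cna", {})] + list(containers.get("adp", []))
    scores = [metric[key]["baseScore"]
              for block in blocks
              for metric in block.get("metrics", [])
              for key in CVSS_KEYS
              if "baseScore" in metric.get(key, {})]
    return max(scores) if scores else None

def monthly_counts(records):
    """Return {"YYYY-MM": {"total": n, "critical": m}}, months sorted."""
    out = defaultdict(lambda: {"total": 0, "critical": 0})
    for rec in records:
        meta = rec.get("cveMetadata", {})
        published = meta.get("datePublished")
        if meta.get("state") != "PUBLISHED" or not published:
            continue  # rejected IDs are not counted
        bucket = out[published[:7]]  # ISO 8601 timestamp -> YYYY-MM
        bucket["total"] += 1
        score = max_base_score(rec)
        if score is not None and score > CRITICAL_ABOVE:
            bucket["critical"] += 1
    return dict(sorted(out.items()))

def make_record(cve_id, published, cna=(), adp=(), state="PUBLISHED"):
    """Constructed record holding only the fields read above."""
    metrics = lambda pairs: [{k: {"baseScore": s}} for k, s in pairs]
    return {"cveMetadata": {"cveId": cve_id, "state": state, "datePublished": published},
            "containers": {"cna": {"metrics": metrics(cna)},
                           "adp": [{"metrics": metrics(adp)}] if adp else []}}

# Constructed sample data; IDs, dates and scores are placeholders
SAMPLE = [
    make_record("CVE-0000-0001", "2026-01-12T09:00:00.000Z", cna=[("cvssV3_1", 9.8)]),
    make_record("CVE-0000-0002", "2026-01-20T09:00:00.000Z", cna=[("cvssV3_1", 8.9)]),  # not > 8.9
    make_record("CVE-0000-0003", "2026-02-03T09:00:00.000Z", adp=[("cvssV3_1", 9.1)]),  # ADP score only
    make_record("CVE-0000-0004", "2026-02-10T09:00:00.000Z"),  # unscored
    make_record("CVE-0000-0005", None, state="REJECTED"),
    make_record("CVE-0000-0006", "2026-03-01T09:00:00.000Z", cna=[("cvssV3_1", 7.5), ("cvssV4_0", 9.3)]),
]
if __name__ == "__main__":
    print(monthly_counts(SAMPLE))
```

Records without any score count toward the monthly total but never toward the critical series, so recently published CVEs that are still awaiting scoring can understate the latest months of the critical curve.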
Exploitation statistics
This section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.
Windows and Linux vulnerability exploitation
In Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities.