Annual recap
Mobile security · 2026
2026 review indexed by Appaloosa Scout: 1 077 mobile CVE published, 17 added to the CISA KEV catalog (exploited in real attacks), 0 mobile apps affected by at least one KEV.
- CVE indexed this year
- 1 077
- CISA KEV added
- 17
- Tracked apps affected
- 0
Severity distribution
CRITICAL
103
HIGH
655
MEDIUM
51
LOW
3
Top 10 mobile KEV of the year
Sorted by number of mobile apps affected (CVSS as tiebreaker).
| CVE | Severity | Apps | Added to KEV | Description |
|---|---|---|---|---|
|
CVE-2026-20963
0 apps
|
HIGH 9.8 | 0 | 2026-03-18 | Microsoft SharePoint Remote Code Execution Vulnerability |
|
CVE-2024-43468
0 apps
|
CRITICAL 9.8 | 0 | 2026-02-12 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
|
CVE-2023-21529
0 apps
|
HIGH 8.8 | 0 | 2026-04-13 | Microsoft Exchange Server Remote Code Execution Vulnerability |
|
CVE-2026-21510
0 apps
|
HIGH 8.8 | 0 | 2026-02-10 | Windows Shell Security Feature Bypass Vulnerability |
|
CVE-2026-21513
0 apps
|
HIGH 8.8 | 0 | 2026-02-10 | MSHTML Framework Security Feature Bypass Vulnerability |
|
CVE-2026-42897
0 apps
|
CRITICAL 8.1 | 0 | 2026-05-15 | Microsoft Exchange Server Spoofing Vulnerability |
|
CVE-2022-0492
0 apps
|
HIGH 7.8 | 0 | 2026-06-02 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw under certa… |
|
CVE-2026-41091
0 apps
|
HIGH 7.8 | 0 | 2026-05-20 | Microsoft Defender Elevation of Privilege Vulnerability |
|
CVE-2026-31431
0 apps
|
HIGH 7.8 | 0 | 2026-05-01 | crypto: algif_aead - Revert to operating out-of-place |
|
CVE-2026-33825
0 apps
|
HIGH 7.8 | 0 | 2026-04-22 | Microsoft Defender Elevation of Privilege Vulnerability |
Methodology
KEV: added to the CISA catalog during the year (kev_added_date). CVE: NVD publication date. Apps: those indexed in Scout at query time; the history evolves as new mappings are added.