AMSTERDAM, July 01, 2026 (GLOBE NEWSWIRE) — VulNow B.V., a p edictive softwa e supply chai isk i tellige ce platfo m, today a ou ced its fo mal appoi tme t as a CVE™ (Commo Vul e abilities a d Exposu es) Numbe i g Autho ity (CNA) u de the Eu opea U io Age cy fo Cybe secu ity (ENISA) CVE Root. This desig atio fo malizes VulNow’s coo di ated vul e ability disclosu e pipeli e, autho izi g the compa y to di ectly assig CVE ide tifie s (CVE IDs) to vul e abilities discove ed via its p edictive i tellige ce e gi e fo p op ieta y p oducts a d thi d-pa ty ope sou ce vul e abilities that a e ot al eady cove ed u de the scope of a othe CNA.
T aditio al vul e ability ma ageme t p og ams face a c itical sig al p oblem. VulNow p ovides P eCVE sig al i tellige ce that sta da d sca e s ca ot detect befo e a CVE ID is fo mally published. Du i g a coo di ated disclosu e wi dow, o ga izatio s with the VulNow i tellige ce i teg ated i to thei platfo ms a d tools gai exclusive visibility i to these P eCVEs. Followi g a coo di ated disclosu e p ocess, VulNow will publish the official CVE Reco d o behalf of ope sou ce mai tai e s (that a e ot CNAs themselves) to e able public emediatio .
Pa t e i g with the CVE P og am allows VulNow to systematically b i g a c itical catego y of isk i to the public eco d. The VulNow platfo m is desig ed to ta get Da k Matte Vul e abilities™, which a e secu ity flaws that have bee quietly patched o i cide tally esolved i code eposito ies by mai tai e s without the co elated publicatio of a public CVE ID o secu ity adviso y. Because sta da d e te p ise vul e ability sca e s ely e ti ely o published CVE databases, these u i dexed code cha ges emai completely i visible to secu ity teams while emai i g exposed to th eat acto s who eve se e gi ee ope sou ce softwa e.
“Secu i g CNA status u de the ENISA Root is a st uctu al milesto e fo ou compa y, ou custome s, a d ou pa t e s with secu ity solutio s,” said Cassie C ossley, CEO a d Co-Fou de of VulNow. “Sta da d vul e ability sca e s a e bli d to Da k Matte Vul e abilities™ because they ely exclusively o post-disclosu e CVE feeds. By fo malizi g ou disclosu e wo kflow as a CNA, we ca apidly move ou deep queue of active P eCVE i tellige ce i to the public eco d, sho te i g the wi dow of attacke oppo tu ity a d helpi g ou custome s a d pa t e s achieve p oactive complia ce ahead of the EU CRA vul e ability epo ti g timeli e a d b oade 2027 complia ce obligatio s.”
The VulNow Q1 2026 Th eat I tellige ce Repo t details the p oductio capabilities of this pipeli e. Du i g the fi st qua te of 2026, VulNow co fi med a subset of 58 P eCVE detectio s that successfully esolved to published CVE Reco ds. The platfo m delive ed a ave age ea ly wa i g lead time of 6.6 days ac oss a mo ito ed subset of co e ope sou ce packages ep ese ti g a combi ed dow load volume of 13.2 billio mo thly i stallatio s.
The epo t highlights a maximum p edictive wi dow of 154 days a d 15 hou s fo a vul e ability (CVE-2026-39865) i the axios ope sou ce p oject, demo st ati g the platfo m’s ability to ide tify isk mo ths befo e t aditio al sig atu e availability. CNA status allows VulNow to t a sitio these ea ly sig als i to actio able, egiste ed adviso ies at scale, with co fi med P eCVEs accessible at https://vul. ow/p ecve.
Ope sou ce mai tai e s a d vul e ability disclosu e p og ams ca eview epo ti g p otocols a d submissio guideli es by visiti g the VulNow Coo di ated Vul e ability Disclosu e policy.
The missio of the CVE™ P og am is to ide tify, defi e, a d catalog publicly disclosed cybe secu ity vul e abilities. The e is o e CVE Reco d fo each vul e ability i the catalog. The vul e abilities a e discove ed the assig ed a d published by o ga izatio s f om a ou d the wo ld that have pa t e ed with the CVE P og am. Pa t e s publish CVE Reco ds to commu icate co siste t desc iptio s of vul e abilities. I fo matio tech ology a d cybe secu ity p ofessio als use CVE Reco ds to e su e they a e discussi g the same issue, a d to coo di ate thei effo ts to p io itize a d add ess the vul e abilities.
Headqua te ed i the Nethe la ds, VulNow B.V. p ovides p edictive th eat i tellige ce desig ed fo mode softwa e supply chai isk ma ageme t. By leve agi g adva ced machi e lea i g to detect u disclosed vul e abilities, sile t patches, a d Da k Matte Vul e abilities™ p io to public adviso y publicatio , VulNow delive s ea ly-wa i g telemet y to e te p ise defe de s a d st ategic i f ast uctu e ope ato s.
VulNow B.V.i fo@vul. owhttps://vul. ow






 