Research Report

2026 State of Exploitation:

Exploring the Network Edge

Derived from the 2026 State of Exploitation Report, this research examines 181 known exploited network edge device vulnerabilities from 2025 and uncovers a significant gap between where exploitation is actually occurring and what most security teams are tracking. More than three-quarters of these vulnerabilities do not appear in CISA KEV, and nearly half affect devices that vendors no longer support. The devices being targeted are not limited to enterprise firewalls, consumer routers, wireless bridges, and mass-market networking equipment are a major part of the picture.

The data reveals a blind spot that attackers are already operating inside:

 42.5% of exploited edge device vulnerabilities affected end-of-life or likely end-of-life devices, with botnets disproportionately targeting unsupported infrastructure

Only 23.7% of exploited edge device vulnerabilities identified by VulnCheck appear in CISA KEV, leaving the majority invisible to teams dependent on federal catalogs

Consumer networking equipment accounts for 56% of exploited edge device vulnerabilities

The full report breaks down all 181 exploited edge device vulnerabilities from 2025, including detailed findings on EOL status, botnet targeting patterns, vendor geography, and exploitation timelines. If your visibility into edge device risk depends on CISA KEV alone, this research shows exactly what you are missing. 

Download Exploring the Network Edge Research Report to see the complete picture.