Back

Introduction of CVSS v4.0 and Retirement of CVSS v2.0

Severity: Low (Score: 27.9)

Sources: Nvd.Nist, nvd.nist.gov

Summary

The National Vulnerability Database (NVD) has announced the retirement of CVSS v2.0 assessments for newly published CVE records. As of April 10, 2026, the NVD will only provide CVSS assessments for versions 3.x and 4.0, which includes updated metric groups. CVSS v4.0 introduces a new structure with Base, Threat, Environmental, and Supplemental metrics, enhancing the scoring system for vulnerability severity. The NVD continues to offer CVSS calculators for all versions to aid users in assessing vulnerabilities. This change aims to standardize the measurement of vulnerability severity across various sectors. The NVD's decision reflects the evolving landscape of cybersecurity and the need for more precise vulnerability assessments. Organizations are encouraged to transition to the new CVSS standards for accurate vulnerability management. Key Points: • CVSS v2.0 assessments are no longer provided for new CVEs as of April 10, 2026. • CVSS v4.0 introduces new metric groups for improved vulnerability scoring. • The NVD provides calculators for all CVSS versions to assist in vulnerability assessment.

Key Entities

  • first.org (domain)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed