NIST Limits CVE Enrichment Following 263% Surge in Submissions

The National Institute of Standards and Technology (NIST) has announced changes to its handling of cybersecurity vulnerabilities and exposures (CVEs) in the National Vulnerability Database (NVD), limiting enrichment to those meeting specific criteria. This decision follows a 263% surge in CVE submissions. CVEs that do not meet the new conditions will still be listed in the NVD but without additional enrichment. No specific technical details, dates, or CVE IDs were provided in the announcement. The impact involves potential delays or gaps in vulnerability metadata for unenriched entries.