Post cover image

June 2, 2026

Vulnerability Data Enrichment for CVE Records: 259 CNAs on the Enrichment Recognition List for June…

The “CNA Enrichment Recognition List” for June 1, 2026, is now available with 259 CNAs listed. Published monthly on the CVE website, the…

CVE Program Blog

3 min read

The "CNA Enrichment Recognition List" for June 1, 2026, is now available with 259 CNAs listed. Published monthly on the CVE website, the list recognizes those CVE Numbering Authorities (CNAs) that are actively providing enhanced vulnerability data in their CVE Records. CNAs are added to the list if they provide Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE™) in at least 98% of their records that were published within two weeks of their most recently published record.

CNA Enrichment Recognition List criteria and reporting are intended to recognize those CNAs taking on the work to increase the value of CVE Records for downstream consumers, and encourage others to do the same. Enrichment Recognition List criteria may change over time. The most recent modifications occurred in June 2025 when data pulls were moved from every two weeks and based upon data from the last 12 months, to the current reporting of once-per-month data pulls based upon data from the previous six months.

For more about the recognition list, see "Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records." To learn more about vulnerability information types like CVSS and CWE, see the CVE Record User Guide. View the most current CNA Enrichment Recognition List on the CVE website Metrics page here.

CNA Enrichment Recognition List for June 1, 2026, with 259 CNAs listed:

  • 2N Telekomunikace a.s.
  • Acer Inc.
  • Acronis International GmbH
  • Adobe Systems Incorporated
  • Airbus
  • AlgoSec
  • Alibaba, Inc.
  • Altera
  • Altium
  • Amazon
  • AMI
  • ARC Informatique
  • Arista Networks, Inc.
  • Asea Brown Boveri Ltd.
  • ASR Microelectronics Co., Ltd.
  • ASUSTeK Computer Incorporation
  • ASUSTOR Inc.
  • Austin Hackers Anonymous
  • Autodesk
  • Automotive Security Research Group (ASRG)
  • Axis Communications AB
  • BeyondTrust Inc.
  • Bitdefender
  • Black Duck Software, Inc.
  • Black Lantern Security
  • BlackBerry
  • Brocade Communications Systems LLC, a Broadcom Company
  • CA Technologies
  • Canon Inc.
  • Canonical Ltd.
  • Carrier Global Corporation
  • Cato Networks
  • CERT.PL
  • CERT@VDE
  • Check Point Software Technologies Ltd.
  • Checkmk GmbH
  • Cisco Systems, Inc.
  • CODRA
  • Commvault Systems Inc
  • Computer Incident Response Center Luxembourg (CIRCL)
  • Concrete CMS
  • ConnectWise LLC
  • Crafter CMS
  • Crestron Electronics, Inc.
  • CrowdStrike Holdings, Inc.
  • CyberDanube
  • Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
  • Dahua Technologies
  • Dassault Systèmes
  • Delinea, Inc.
  • Dell EMC
  • Delta Electronics, Inc.
  • Django Software Foundation
  • Docker Inc.
  • dotCMS LLC
  • Dragos, Inc.
  • Dutch Institute for Vulnerability Disclosure (DIVD)
  • Echo Software Ltd
  • Elastic
  • EnterpriseDB Corporation
  • Ericsson
  • Erlang Ecosystem Foundation
  • ESET, spol. s r.o.
  • EU Agency for Cybersecurity (ENISA)
  • Everpure, Inc.
  • Extreme Networks, Inc.
  • F5 Networks
  • Fedora Project (Infrastructure Software)
  • Fermax Technologies SLU
  • Financial Security Institute (FSI)
  • floragunn GmbH
  • Fluid Attacks
  • Forcepoint
  • Fortinet, Inc.
  • Fortra, LLC
  • Foxit Software Incorporated
  • FPT SOFTWARE CO., LTD
  • Gallagher Group Ltd
  • Gen Digital Inc.
  • Genetec Inc.
  • GeoVision Inc.
  • GitHub (maintainer security advisories)
  • GitHub Inc, (Products Only)
  • GitLab Inc.
  • Glyph & Cog, LLC
  • Google Cloud
  • Google LLC
  • Gridware Cybersecurity
  • HackerOne
  • Hackrate Kft.
  • HackRTU
  • Hallo Welt! GmbH
  • Hanwha Vision Co., Ltd.
  • Harborist
  • HashiCorp Inc.
  • HCL Software
  • HeroDevs
  • HiddenLayer, Inc.
  • Hillstone Networks Inc.
  • Hitachi Energy
  • Hitachi Vantara
  • Hitachi, Ltd.
  • HP Inc.
  • Huawei Technologies
  • HYPR Corp
  • ICS-CERT
  • Indian Computer Emergency Response Team (CERT-In)
  • Insyde Software
  • Intel Corporation
  • Internet Systems Consortium (ISC)
  • Intigriti
  • Israel National Cyber Directorate
  • Ivanti
  • Jamf
  • Jaspersoft
  • JetBrains s.r.o.
  • JFROG
  • Johnson Controls
  • JPCERT/CC
  • Juniper Networks, Inc.
  • Kaspersky
  • KNIME AG
  • KrakenD, S.L.
  • KrCERT/CC
  • Kubernetes
  • Larry Cashdollar
  • Legion of the Bouncy Castle Inc.
  • Lexmark International Inc.
  • M-Files Corporation
  • Maritime Hacking Village
  • Mattermost, Inc
  • Mautic
  • Medtronic
  • Microchip Technology
  • Microsoft Corporation
  • Milestone Systems A/S
  • Mitsubishi Electric Corporation
  • MongoDB
  • Moxa Inc.
  • National Cyber Security Centre Finland
  • National Cyber Security Centre SK-CERT
  • National Instruments
  • NEC Corporation
  • Neo4j
  • NETGEAR
  • Netskope
  • Network Optix
  • Nozomi Networks Inc.
  • Nutanix
  • Nvidia Corporation
  • OMRON Corporation
  • Open Design Alliance
  • OpenHarmony
  • OpenJS Foundation
  • OpenText (formerly Micro Focus)
  • OpenVPN Inc.
  • OPPO
  • OTRS AG
  • Palantir Technologies
  • Palo Alto Networks
  • Pandora FMS
  • PaperCut Software Pty Ltd
  • Patchstack OÜ
  • Payara
  • Pegasystems
  • Pentraze Cybersecurity
  • Perforce
  • PHP Group
  • Ping Identity Corporation
  • PostgreSQL
  • Progress Software Corporation
  • Project Black
  • Protect AI
  • PTC Inc.
  • Python Software Foundation
  • QNAP Systems, Inc.
  • Qualcomm, Inc.
  • Radiometer Medical ApS
  • rami.io GmbH
  • Rapid7, Inc.
  • Real-Time Innovations, Inc.
  • Red Hat CNA-LR
  • Robert Bosch GmbH
  • Rockwell Automation
  • runZero, Inc.
  • S21sec Cyber Solutions by Thales
  • SailPoint Technologies
  • Samsung TV & Appliance
  • SAP SE
  • SBA Research gGmbH
  • Schneider Electric SE
  • SCHUTZWERK GmbH
  • Secomea
  • Securin
  • Security Risk Advisors
  • ServiceNow
  • SICK AG
  • Siemens
  • Silicon Labs
  • Snowflake
  • Snyk
  • Softing
  • SoftIron
  • SolarWinds
  • Sonatype Inc.
  • Spanish National Cybersecurity Institute, S.A.
  • Spartans Security
  • StrongDM
  • Switzerland National Cyber Security Centre (NCSC)
  • Symantec — A Division of Broadcom
  • Synaptics
  • Synology Inc.
  • Talos
  • Tanium Inc.
  • TCS-CERT
  • TeamViewer Germany GmbH
  • Temporal Technologies Inc.
  • Tenable Network Security, Inc.
  • Teradyne Robotics
  • Thales Group
  • The Browser Company of New York
  • The Document Foundation
  • The Missing Link Australia (TML)
  • The Qt Company
  • The Rust Project
  • The Tcpdump Group
  • TianoCore.org
  • Tigera
  • Toreon
  • TP-Link Systems Inc.
  • TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
  • Trellix
  • Turan Security
  • TWCERT/CC
  • TYPO3 Association
  • upKeeper Solutions
  • Vaadin Ltd.
  • Vivo Mobile Communication Technology Co., LTD.
  • VMware
  • VulDB
  • VulnCheck
  • VULSec Labs
  • WatchGuard Technologies, Inc.
  • Western Digital
  • Wiz, Inc.
  • wolfSSL Inc.
  • Wordfence
  • Xerox Corporation
  • Yandex N.V.
  • Yokogawa Group
  • Yugabyte, Inc.
  • Zabbix
  • Zero Day Initiative
  • Zohocorp
  • Zoom Video Communications, Inc.
  • Zscaler, Inc.
  • ZTE Corporation
  • ZUSO Advanced Research Team (ZUSO ART)
  • Zyxel Corporation