NOTICE: Date/Time Normalization Maintenance of Historical CVE Records to Occur February 16–25, 2026

The CVE™ Program will normalize the formatting of date/time fields across historical CVE Records from February 16, 2026, through February…

CVE Program Blog

~2 min read · February 10, 2026 (Updated: February 11, 2026) · Free: Yes

The CVE™ Program will normalize the formatting of date/time fields across historical CVE Records from February 16, 2026, through February 25, 2026. As initially announced on January 6, 2026, this maintenance will update older CVE Records so their date/time values use the same standardized ISO 8601 UTC format already in place for records published or updated since February 2025:

yyyy-MM-ddTHH:mm:ss.sssZ (ISO-8601, UTC)

For example: 2025–07–11T19:32:03.983Z

Maintenance Window and Dates

The normalization activity will run in defined daily windows and will proceed in stages based on the publication year of the CVE Records in the following dates and year ranges:

Monday, February 16 — CVE Records published from 1999–2007
Tuesday, February 17 — CVE Records published from 2008–2012
Wednesday, February 18 — CVE Records published from 2013–2015
Thursday, February 19 — CVE Records published from 2016–2017
Friday, February 20 — CVE Records published from 2018–2019 (Part 1)
Monday, February 23 — CVE Records published from 2019 (Part 2)–2020
Tuesday, February 24 — CVE Records published from 2021–2022 (Part 1)
Wednesday, February 25 — CVE Records published

Each day, the maintenance effort will begin at 9:30 AM EST and end at 4:30 PM EST. During this time, the system will be fully operational and will accept (and publish) new CVE Records as normal.

View the CVE List Repository README for more detailed information.

What Is Changing — and What Is Not

As noted in the January 6, 2026, blog post, this maintenance affects only the formatting of specific date/time string fields (for example, datePublished, dateUpdated, dateReserved, dateRejected, datePublic, dateAssigned, and time values under timeline). The semantic meaning of the dates/times remains the same, and no other parts of the CVE Records will be changed.

Operational Updates During the Window

In total, this process will update approximately 200,000 historical CVE Records (between 25,000 and 30,000 records each day). Some automated systems may interpret these records as "modified" during the maintenance windows and trigger reprocessing, alerts, or customer notifications.

To help the community track progress and plan accordingly, the CVE Program will post on social media at the start and end of each maintenance window every day from February 16 through 20, and February 23 through 25.

Questions or Feedback

We appreciate the community's support as we continue improving the consistency and quality of CVE Records for all users.

If you have questions or concerns about this maintenance or its potential impact on your systems, please leave a comment here on the CVE Blog on Medium or use the CVE Request Web Form and select "Other" from the dropdown menu.