CISA, NSA, FBI, and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022

Home / Articles / External / Government


August 22, 2023 | Originally published by NSA on August 3, 2023

In 2022, malicious cyber actors continued exploiting known software vulnerabilities to target unpatched systems and applications, including some vulnerabilities that have been known for more than five years, according to a newly released joint Cybersecurity Advisory (CSA) from U.S. and foreign partner intelligence agencies.

The “2022 Top Routinely Exploited Vulnerabilities” CSA provides details on the top common vulnerabilities and exposures (CVEs) routinely exploited by malicious cyber actors who continue targeting unpatched systems and applications – all known vulnerabilities from 2017 to 2022 that have not been mitigated. The authoring agencies recommend immediate patching of these CVEs to reduce the risk of compromise.