By Kasturi Datta |
The 2026 Software Vulnerability Ratings Report from Action1, which provides autonomous endpoint management (AEM) solutions, highlights a dramatic acceleration in software vulnerability growth across enterprise environments.
To produce the report, Action1 looked at exploitation and vulnerability trends across enterprise software, network infrastructure, browsers, operating systems, office productivity tools, databases, mobile platforms and security software.
With a 92 per cent year-on-year increase in disclosed vulnerabilities and double the amount of critical and privilege vulnerabilities compared to last year, organisations are increasingly becoming at high risk of data breaches and operational disruption.
“2025 marked a turning point in cybersecurity operations,” said Jack Bicer, director of vulnerability research at Action1. “Attackers are now using AI and automation to accelerate vulnerability discovery and exploitation faster than more organisations can respond.”
Internet browsers are the most susceptible entry points for attackers, with an increase of 183 per cent in vulnerabilities compared to last year. Additionally, if a successful code execution takes place within a browser, it puts the organisation at risk of a full system compromise.
The report found an 800 per cent increase in enterprise application exploitation, highlighting collaboration, operational, enterprise resource planning and customer relationship management business platforms as popular attack targets.
Organisations which rely on manual patching processes and delay their scan cycles and maintenance windows are falling behind in operational security. The report highlights an urgent need for the incorporation of automated and continuous vulnerability remediation measures into workflows.
“The threat landscape is no longer just bigger – it’s faster, more automated and harder to detect,” said Alex Vovk, CEO and co-founder of Action1. “Patching is no longer simply an IT metric; it’s now a business resilience metric.”