The vulnerability landscape in Q1 2026 | Securelist Dark mode Securelist menu English Russian Spanish Brazil Existing Customers Personal My Kaspersky Renew your product Update your product Customer support Business KSOS portal Kaspersky Business Hub Technical Support Knowledge Base Renew License Home Products Trials&Update Resource Center Kaspersky Next Small Business (1-50 employees) Medium Business (51-999 employees) Enterprise (1000+ employees) Securelist Threats Financial threats Mobile threats Web threats Secure environment (IoT) Vulnerabilities and exploits Spam and Phishing Industrial threats Categories APT reports Incidents Research Malware reports Spam and phishing reports Publications Kaspersky Security Bulletin Archive All Tags APT Logbook Webinars Statistics Encyclopedia Threats descriptions KSB 2021 About Us Company Transparency Corporate News Press Center Careers Sponsorships Policy Blog Contacts Partners Find a Partner Partner Program Content menu Close Subscribe Statistics on registered vulnerabilities Exploitation statistics Windows and Linux vulnerability exploitation Most common published exploits Vulnerability exploitation in APT attacks C2 frameworks Notable vulnerabilities CVE-2026-21519: Desktop Window Manager vulnerability RegPwn (CVE-2026-21533): a system settings access control vulnerability CVE-2026-21514: a Microsoft Office vulnerability Clawdbot (CVE-2026-25253): an OpenClaw vulnerability CVE-2026-34070: LangChain framework vulnerability CVE-2026-22812: an OpenCode vulnerability Conclusion and advice Authors Alexander Kolesnikov During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026. Statistics on registered vulnerabilities This section provides statistical data on registered vulnerabilities.