Performing CVE Prioritization with KEV Catalog

Overview

The CISA Known Exploited Vulnerabilities (KEV) catalog, established through Binding Operational Directive (BOD) 22-01, is a living list of CVEs that have been actively exploited in the wild and carry significant risk. As of early 2026, the catalog contains over 1,484 entries, growing 20% in 2025 alone with 245 new additions. This skill covers integrating the KEV catalog into vulnerability prioritization workflows alongside EPSS (Exploit Prediction Scoring System) and CVSS to create a risk-based approach that prioritizes vulnerabilities with confirmed exploitation activity over theoretical severity alone.

When to Use

• When conducting security assessments that involve performing cve prioritization with kev catalog
• When following incident response procedures for related security events
• When performing scheduled security testing or auditing activities
• When validating security controls through hands-on testing

Prerequisites

• Access to vulnerability scan results (Qualys, Nessus, Rapid7, etc.)
• Familiarity with CVE identifiers and NVD
• Understanding of CVSS scoring (v3.1 and v4.0)
• API access to CISA KEV, EPSS, and NVD endpoints
• Python 3.8+ with requests and pandas libraries