87% of Organizations Have Exploitable Software Vulnerabilities in Production
Summary
Hide ▲
Show ▼
A report by DataDog reveals that 87% of organizations have at least one exploitable software vulnerability in production, affecting 40% of all services. Vulnerabilities are most common in Java (59%), .NET (47%), and Rust (40%) services. Only 18% of critical dependency vulnerabilities remain critical after adjusting severity scores with runtime and CVE context. The report also highlights risks at both ends of the software lifecycle, including outdated dependencies and rapid adoption of new library versions.
Timeline
-
26.02.2026 16:00 1 articles · 4h ago
DataDog Report Reveals 87% of Organizations Have Exploitable Vulnerabilities
A new report from DataDog reveals that 87% of organizations have at least one exploitable software vulnerability in production, affecting 40% of all services. Vulnerabilities are most common in Java, .NET, and Rust services. Only 18% of critical dependency vulnerabilities remain critical after adjusting severity scores with runtime and CVE context. The report also highlights risks at both ends of the software lifecycle, including outdated dependencies and rapid adoption of new library versions.
Show sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
Information Snippets
-
87% of organizations have at least one exploitable software vulnerability in production.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
40% of all services are affected by these vulnerabilities.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
Vulnerabilities are most common in Java (59%), followed by .NET (47%) and Rust (40%).
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
Only 18% of critical dependency vulnerabilities remain critical after adjusting severity scores with runtime and CVE context.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
98% of .NET dependency vulnerabilities are downgraded from critical once context is considered.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
The median software dependency is 278 days out of date, with Java (492 days) and Ruby (357 days) faring worse.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
Libraries published in 2025 have on average 1.3 vulnerabilities, compared to 1.9 in 2024 and 3.8 in 2023.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
50% of organizations adopt new library versions within 24 hours of release, and only 4% pin all public GitHub Actions to a specific version using commit hashes.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00
-
Supply chain attacks like s1ngularity and Shai-Hulud spread due to DevOps teams using malicious versions of libraries as soon as they were released.
First reported: 26.02.2026 16:001 source, 1 articleShow sources
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00