Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA onboards ENISA for CVE TL-Root CNA role

Public Sector Action
First reported
Last updated
Happening score
H score 18
1 unique sources, 1 articles

Summary

Hide ▲

ENISA is being onboarded by CISA to become a top-level root CVE Numbering Authority (TL-Root CNA) in the CVE Program, expanding the European agency’s influence over global vulnerability coordination. The move would give ENISA a larger role in onboarding European CNAs and helping shape the program’s rules alongside CISA and MITRE. ENISA officials said they hope to reach the status in 2026 or early 2027. The program currently has 502 CNAs, including 83 Europe-based organizations.

Related Happenings

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Open Happening

NIST CVE/NVD prioritization shift

Public Sector Action
First: 17.04.2026 00:47 Last: 17.04.2026 00:47 Sources 1

About this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...

Open Happening

NIST/NVD risk-based CVE enrichment change

Public Sector Action
First: 16.04.2026 15:43 Last: 16.04.2026 15:43 Sources 1

About this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...

Open Happening

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

Open Happening

CISA urges Intune hardening for U.S. organizations

Public Sector Action
First: 19.03.2026 13:02 Last: 19.03.2026 13:02 Sources 1

About this happening: **CISA** urged **U.S. organizations** to harden **Microsoft Intune** and related endpoint management controls after the **Stryker** attack showed how those systems could be abused...

Open Happening

Timeline

  1. 15.04.2026 18:31 1 articles · 1mo ago

    CISA onboards ENISA for TL-Root CNA status

    Initial Disclosure

    At VulnCon26 in Scottsdale, Arizona, on April 14, ENISA head of sector for Incidents and Vulnerability Services Nuno Rodrigues Carvalho said the US Cybersecurity and Infrastructure Security Agency (CISA) was onboarding ENISA to become a top-level root CVE Numbering Authority (TL-Root CNA) in the Common Vulnerabilities and Exposures (CVE) Program, a role currently held only by CISA and MITRE.

    Show sources
    Open in new tab
  2. 15.04.2026 18:31 2 articles · 1mo ago

    ENISA expands its CVE Program role and European CNA onboarding

    Industry Or Public Sector Update

    ENISA said it became a CVE Numbering Authority in 2024 and a root CNA in 2025, and it is already onboarding new CNAs while prioritizing national CERTs and CSIRTs in Europe for CNA vetting as part of a planned TL-Root CNA role that would add European representation alongside CISA and MITRE in CVE Program governance; Carvalho said ENISA hoped to reach TL-Root CNA status in 2026 or early 2027, while the program had 502 CNAs and 83 Europe-based organizations.

    Show sources
    Open in new tab