Greg Kroah-Hartman, responsible for supporting the stable and staging branches of the Linux kernel, reported that in the first 6 months of 2026, 2,308 vulnerabilities were identified in the Linux kernel, which were assigned individual CVE identifiers. This means that the Linux kernel has now risen to the top spot in the number of assigned CVE identifiers among software manufacturers. It should be noted that this indicator may not be entirely objective, as most manufacturers only assign CVE identifiers to dangerous vulnerabilities, whereas in the Linux kernel, all potential vulnerabilities are accounted for, regardless of their level of danger.
Number of assigned CVEs grouped by manufacturer:
- 2308 “Linux”
- 1752 “Google”
- 1308 “n/a”
- 843 “Microsoft”
- 495 “OpenClaw”
- 445 “Oracle Corporation”
- 395 “Adobe”
- 340 “Red Hat”
- 310 “Apache Software Foundation”
- 284 “Apple”
Number of assigned CVEs grouped by individual products:
- 2309 “Linux”
- 1584 “Chrome”
- 888 “n/a”
- 497 “OpenClaw”
- 284 “Windows 10 Version 1607”
- 255 “Firefox” (in Firefox, information about hundreds of vulnerabilities can be aggregated under one CVE, for example, 155 vulnerabilities are collected under CVE-2026-6785, and 110 under CVE-2026-6786)
- 153 “Android”
- 141 “AVideo”
- 136 “Red Hat Enterprise Linux 10”
- 124 “iOS and iPadOS”