AhnLab's Q2 2026 vulnerability trends report identifies 20,701 new CVEs, with Critical-severity vulnerabilities rising 62.5% from Q1 to 2,317. CISA's KEV catalog added 75 new entries, 87% of which were Critical or High severity. Attackers concentrated on externally exposed infrastructure (firewalls, VPNs, management panels) and supply chain compromises. The report highlights ten major CVEs across Ivanti, Fortinet, Palo Alto, Splunk, Google Chrome, Microsoft Exchange, cPanel, Ubiquiti, and DAEMON Tools, with RCE and privilege escalation being the dominant impact categories.