Mapping from CVEs to MITRE Techniques
Each CVE with a synthesized security summary has been analyzed to identify the MITRE ATT&CK Enterprise techniques it enables or facilitates. These charts show the distribution of attack tactics and techniques across 13,375 annotated CVEs, their severity and exploit probability, and how actively-exploited vulnerabilities (CISA KEV) compare to the full set.
Last updated: 2026-04-06 17:22 UTC
Tactic Frequency & Technique Drill-Down
→ Click any tactic bar to filter the technique list below it.
Click any technique bar to open its MITRE ATT&CK detail page in a new tab.
Technique Risk Matrix
→ Each bubble is one MITRE technique. Bubble size = CVE count.
The upper-right quadrant (high CVSS, high EPSS) highlights techniques associated
with the most severe and exploit-likely vulnerabilities.
Click any bubble to open MITRE ATT&CK.
KEV Spotlight: All CVEs vs. Known Exploited
→ Compares how attack tactics are distributed across all annotated CVEs
versus those on the CISA Known Exploited Vulnerabilities list.
Tactics with a larger red bar than grey bar are over-represented in
actively exploited vulnerabilities.