CVSS Scores Fail Against Chained, Weaponized, and AI-Driven Vulnerability Threats in 2026

In November 2024, attackers chained two Palo Alto Networks firewall vulnerabilities—CVE-2024-0012 (authentication bypass) and CVE-2024-9474 (privilege escalation)—to gain unauthenticated root access across over 13,000 exposed management interfaces worldwide, despite individual CVSS v4.0 scores of 9.3 and 6.9 suggesting manageable risk. This exploit chain, dubbed Operation Lunar Peek by Unit 42, exposed a critical flaw in vulnerability triage: scoring systems evaluate flaws in isolation, ignoring how attackers combine low-severity bugs into high-impact kill chains. As of April 2026, with CVE volumes projected to exceed 70,000 annually and AI-driven discovery threatening to push that past 480,000, security teams must abandon CVSS-first prioritization or remain blind to cascading failures.

How the Chain Broke the Score

CVE-2024-0012 resided in Palo Alto Networks’ PAN-OS web interface, where an improper input validation flaw in the /php/login.php endpoint allowed unauthenticated attackers to bypass authentication via a crafted SAML request containing a malformed RelayState parameter. This didn’t grant direct shell access but returned a valid session cookie for the admin portal—effectively turning the firewall’s GUI into an open door. CVE-2024-9474, meanwhile, was a race condition in the setuputils script during system recovery mode, allowing a local user with admin privileges to escalate to root by symlinking a temporary file to /etc/passwd before a privileged chown operation completed. Chained, an attacker needed only network access to the management interface (port 443) to achieve full control—no credentials, no phishing, no malware dropper.


The danger lay in the scoring mismatch. CVSS v4.0 rated CVE-2024-9474 at 6.9 (Medium) partly because its attack vector was classified as Local—requiring prior system access. But once CVE-2024-0012 delivered that access remotely, the Local requirement evaporated. NVD’s CVSS v3.1 scoring (9.8 and 7.2) suffered the same blind spot: neither version captures attack flow, only isolated exploitability. As Adam Meyers of CrowdStrike noted in his April 22, 2026 VentureBeat interview, “They just had amnesia from 30 seconds before”—referring to security teams who patched the 9.3-scored flaw during maintenance windows while ignoring the 6.9-scored escalation path, unaware that the first bug nullified the second’s prerequisite.

Why CVSS Can’t Keep Pace with AI-Driven Discovery

The infrastructure underpinning CVE scoring is buckling. NIST announced on April 15, 2026 that the National Vulnerability Database will prioritize enrichment only for KEV (Known Exploited Vulnerabilities) and federal critical software, abandoning enrichment for the remaining 78% of submissions due to unsustainable volume growth—CVEs have increased 263% since 2020. Jerry Gamblin of Cisco Threat Detection and Response projects 70,135 CVEs for 2026, a 20.6% YoY increase from 2025’s 48,185. But frontier AI models like Anthropic’s Claude Mythos Preview are accelerating discovery: in internal testing, the model autonomously identified a 27-year-old signed integer overflow in OpenBSD’s TCP SACK implementation across 1,000 scaffold runs for under $20,000 in compute cost. Meyers warned VentureBeat that a 10x increase in annual CVE volume—driven by AI—would overwhelm pipelines built for 48,000, let alone 70,000.

Why CVSS Scores Don't Tell the Real Story of Risk

This isn’t theoretical. CrowdStrike’s 2026 Global Threat Report shows a 42% YoY rise in zero-day exploitation before public disclosure, with average breakout time dropping to 29 minutes and China-nexus actors weaponizing patches within two to six days. When Project QuiltWorks launched on April 25, 2026—a coalition including Accenture, EY, IBM, Kroll, and OpenAI—it signaled industry recognition that no single vendor’s patch workflow can survive AI-generated vulnerability floods. As Daniel Bernard, CBO at CrowdStrike, stated: “If the adversary finds vulnerabilities faster than defenders or the business, those become exploits before anyone knows they exist.”

Beyond the Score: What Actually Works

Effective mitigation requires shifting from vulnerability-centric to attack-chain-centric defenses. Jerry Gamblin recommends running chain-dependency audits on every KEV CVE, flagging any co-resident flaw scored 5.0 or above—where privilege escalation and lateral movement typically emerge in CVSS vectors. Any pair chaining authentication bypass to privilege escalation must be triaged as critical, regardless of individual scores. For internet-facing systems, KEV-to-patch SLAs must compress to 72 hours; weekly windows are indefensible when the fastest observed breakout is 27 seconds.


Equally vital is tracking exposure age. Salt Typhoon exploited a Cisco vulnerability (CVE-2023-20198) patched 14 months prior because no board metric existed for aging KEV exposure. A monthly KEV aging report—listing days since disclosure, patch availability, and owner—creates accountability. Identity-surface controls (help-desk authentication gaps, agentic AI credential inventories) must join the vulnerability pipeline; as Merritt Baer of Enkrypt AI argues, these are vulnerability equivalents operating outside traditional governance.
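The chain-dependency audit, the 72-hour KEV SLA and the KEV aging report described in the two paragraphs above can be run from one inventory. The following is an added example, not tooling from the article or any vendor named in it, over a constructed asset inventory: the hostnames, owners, dates, patch states and CVE-EXAMPLE-* identifiers are made up (the two PAN-OS CVEs carry the scores and weakness classes the article gives them, but their KEV flags and dates here are set only to exercise the rules). Assumptions: the SLA clock starts at public disclosure, and "co-resident" means on the same host.

```python
"""Chain-dependency audit, KEV patch SLA check and KEV aging report.

Added example over a constructed asset inventory.  Rules encoded are the
article's: flag any co-resident flaw scored 5.0 or above on a host with a
KEV CVE, treat an auth-bypass plus priv-esc pair as critical regardless
of score, apply a 72-hour KEV-to-patch SLA on internet-facing systems,
and emit an aging row per unpatched KEV exposure.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    score: float           # published base score
    kev: bool              # listed in CISA KEV (constructed flag for this demo)
    weakness: str          # coarse class: "auth-bypass", "priv-esc" or "other"
    disclosed: date        # public disclosure date (constructed)
    patch_available: bool
    patched: bool
    owner: str
    internet_facing: bool


TODAY = date(2026, 4, 30)          # constructed report date
CHAIN_FLAG_THRESHOLD = 5.0          # article's co-resident flaw threshold
KEV_SLA = timedelta(hours=72)       # article's internet-facing KEV SLA

# Constructed inventory.  CVE-2024-9474 is marked non-KEV here purely to
# exercise the co-resident rule; dates and states are illustrative.
INVENTORY = [
    Finding("fw-edge-01", "CVE-2024-0012", 9.3, True, "auth-bypass",
            date(2024, 11, 18), True, False, "netops", True),
    Finding("fw-edge-01", "CVE-2024-9474", 6.9, False, "priv-esc",
            date(2024, 11, 18), True, False, "netops", True),
    Finding("fw-edge-01", "CVE-EXAMPLE-0003", 4.3, False, "other",
            date(2026, 3, 1), True, False, "netops", True),
    Finding("app-int-07", "CVE-EXAMPLE-0004", 8.1, True, "other",
            date(2026, 2, 10), True, False, "appsec", False),
    Finding("app-int-07", "CVE-EXAMPLE-0005", 5.5, False, "other",
            date(2026, 1, 5), False, False, "appsec", False),
    Finding("db-core-02", "CVE-EXAMPLE-0006", 7.5, True, "other",
            date(2026, 4, 29), True, True, "dba", False),
]


def chain_dependency_audit(findings):
    """Per KEV CVE: co-resident flaws on the same host at or above the
    threshold, plus whether that host holds an auth-bypass and a priv-esc."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    results = []
    for host, host_findings in by_host.items():
        classes = {f.weakness for f in host_findings}
        critical_pair = {"auth-bypass", "priv-esc"} <= classes
        for kev in (f for f in host_findings if f.kev):
            co_resident = sorted(f.cve for f in host_findings
                                 if f is not kev and f.score >= CHAIN_FLAG_THRESHOLD)
            results.append({"host": host, "kev_cve": kev.cve,
                            "co_resident": co_resident, "critical_pair": critical_pair})
    return results


def sla_breaches(findings, today=TODAY):
    """Unpatched KEV exposure on internet-facing systems past the 72-hour SLA.
    Assumption: the SLA clock starts at public disclosure."""
    return [f for f in findings
            if f.kev and f.internet_facing and not f.patched
            and today - f.disclosed > KEV_SLA]


def kev_aging_report(findings, today=TODAY):
    """One row per unpatched KEV exposure, oldest first: the board-level
    metric the article says was missing in the Salt Typhoon case."""
    rows = [{"host": f.host, "cve": f.cve, "days_exposed": (today - f.disclosed).days,
             "patch_available": f.patch_available, "owner": f.owner}
            for f in findings if f.kev and not f.patched]
    return sorted(rows, key=lambda r: r["days_exposed"], reverse=True)


if __name__ == "__main__":
    for r in chain_dependency_audit(INVENTORY):
        tag = "CRITICAL PAIR" if r["critical_pair"] else "flag"
        print(f"{r['host']}: KEV {r['kev_cve']} with {r['co_resident']} [{tag}]")
    for f in sla_breaches(INVENTORY):
        print(f"SLA breach: {f.host} {f.cve} owner={f.owner}")
    for row in kev_aging_report(INVENTORY):
        print(row)
```

Run as written, the audit escalates fw-edge-01 to critical on the auth-bypass plus priv-esc pairing even though the escalation bug sits below the Critical band, reports the same host as an SLA breach, and the aging report lists the two unpatched KEV exposures oldest first with an owner on each row, which is what turns the number into an accountability item.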

“CVSS was never meant to be a prioritization tool—it’s a severity language. Treating it as a risk score is like using the Richter scale to decide which earthquake to evacuate for.”

— Chris Gibson, Executive Director of FIRST, quoted in The Register, January 19, 2022

The implications ripple across the tech ecosystem. Open-source projects like OpenBSD and Linux kernel maintainers face increased pressure from AI-driven fuzzing, yet lack the resources of vendor-backed PSIRTs. Meanwhile, enterprises relying on single-vendor stacks (e.g., Palo Alto-only SASE deployments) inherit systemic risk when chained flaws bypass device-level isolation. As platform lock-in intensifies through AI-powered security suites—think Microsoft Copilot for Security or Google Chronicle’s AI tier—the ability to detect cross-product attack chains becomes a competitive differentiator. Vendors who expose dependency graphs via open APIs (like Cisco’s Security Cloud Analytics) will gain trust; those who obscure them behind proprietary scoring will lose it.

The Lunar Peek incident wasn’t a failure of patching—it was a failure of imagination. CVSS does what it was designed to do: score one flaw at a time. The adversary, however, never fights one fight at a time. Until security teams model threats as graphs—not lists—they’ll keep scoring the trees while the forest burns.

Sophie Lin - Technology Editor