References

The numbers behind the problem

A short, sourced summary of the figures we cite on the home page. Every claim links to its primary source so you can verify it for yourself.

Last reviewed June 2026

3 of 3

All three Leaders in Gartner's Magic Quadrant for Hybrid Mesh Firewall had a critical, actively exploited vulnerability in the first half of 2026.

Gartner's inaugural Magic Quadrant for Hybrid Mesh Firewall (August 2025) names three Leaders: Fortinet, Palo Alto Networks and Check Point. In the first six months of 2026, each had a critical authentication-bypass flaw in its firewall or VPN products added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, which confirms that the flaws were being exploited in the wild and that the products were not only theoretically vulnerable. The risk is vendor-agnostic: it follows the role these devices play, not the badge on the box.

+263%

Annual vulnerability disclosures grew 263% between 2020 and 2025, and AI-assisted research is set to accelerate the trend.

NIST reports that the number of CVEs submitted to the National Vulnerability Database each year rose 263% between 2020 and 2025. This is the growth in the annual rate of new disclosures, not a cumulative total. A record 48,185 CVEs were published in 2025 alone, up roughly 21% on 2024. The trend looks set to continue: NIST notes submissions in early 2026 running about a third higher year-on-year, and independent analysis attributes much of the structural surge to AI-assisted vulnerability research, which can analyse code at a scale and speed human researchers cannot match. In June 2026 the Five Eyes cyber security agencies issued a rare joint warning that AI is “shrinking the window between vulnerability discovery and exploitation ever more quickly”, urging organisations to reduce their attack surface and accelerate patching.

1 device

A single compromised firewall can expose the whole network.

Firewall, VPN and SD-WAN appliances sit at the boundary between the internet and internal systems, so a single compromised device can give an attacker a foothold into the wider network. That is precisely why edge and perimeter devices are deliberately targeted. Mandiant's M-Trends 2026 highlights threat actors specifically going after edge and core network devices that typically lack standard endpoint detection.

External links point to vendor advisories, CISA, NIST and independent research. Figures are current as of June 2026 and will be updated as the picture develops.
