Effective Date: June 10, 2026 (Version 2026-06-10)
This page sets out the CVEs that Root Evidence excludes from the FIRE Benefit as of the Effective Date stated above. This list is reviewed and updated from time to time, and CVEs may be added to or removed from it as Root Evidence's detection capabilities and threat assessments change. Each version of this page is published with its own Effective Date. Prior versions remain available below so that you can determine which CVEs were excluded from the FIRE Benefit at any given time.
The FIRE Benefit, and the exclusions described on this page, apply only to customers who have purchased the FIRE Benefit as part of a bundle that includes External Attack Surface Management (EASM), Vulnerability Management (VM), and the Warranty. The FIRE Benefit is not available on a standalone basis.
The Common Vulnerabilities and Exposures identified below (each, an "Excluded CVE") are excluded from the FIRE Benefit as of the Effective Date. No claim under the FIRE Benefit may be made in respect of any Excluded CVE, regardless of whether the vulnerability is or was present in your environment.
Each Excluded CVE is known to have previously caused financial loss and is associated with assets that are externally accessible to the affected organization. However, Root Evidence is unable to reliably scan for or detect the presence of these vulnerabilities through external means. This may be because testing for the vulnerability could itself cause harm or disruption, because a patched system and an unpatched system are externally indistinguishable, or for other technical reasons that prevent confirmation that the vulnerability exists. Because Root Evidence cannot detect these vulnerabilities, they are excluded from the FIRE Benefit.
Excluded CVEs as of June 10, 2026:
© 2026 Root Evidence