NIST’s NVD expands today (June 17, 2026) to include CISA-sourced SSVC decision-tree prioritization data and structured CVE JSON 5.0 affected product information from CNAs, impacting approximately 95% of existing NVD records. This is a data model change, not a vulnerability. Organizations consuming NVD data programmatically via API, SIEM enrichment, or SCA scanner integrations must validate schema compatibility before automated pipelines silently degrade or produce incorrect prioritization output.