In a dramatic turn of events, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the Critical Vulnerability Enumeration (CVE) program, narrowly averting a potential shutdown. The program, which is vital for tracking and managing cybersecurity vulnerabilities, faced imminent defunding due to the expiration of MITRE’s contract. Concerns escalated as funding was set to cease, posing risks to the cybersecurity landscape globally. The last-minute extension ensures that critical CVE services will continue without a lapse, addressing fears of increased online risks due to potential disruptions in vulnerability management. This development highlights ongoing tensions around cybersecurity funding and the necessity for a stable framework to support programs essential for tracking software flaws.