Risky Tech Ranking: Q1 2026 Updates

Coalition’s Risky Tech Ranking is an evolving list of technology providers whose products were vulnerable to exploitation by threat actors. The ranking uses publicly available data to help businesses make more thoughtful decisions about the technologies they adopt.

The Risky Tech Ranking is updated on a quarterly basis, scoring vendors by multiplying the number of vulnerabilities impacting a vendor’s products by the average Coalition Exploit Scoring System (Coalition ESS) score. Below, we’ll examine noteworthy changes in vendor rankings and contributing vulnerabilities in Q1 2026.

How the Risky Tech Ranking evolved in Q1 2026

The most interesting change in this quarter’s ranking is the appearance of two AI vendors to the top 30. N8n and Openclaw are two successful AI projects that have seen a large number of vulnerabilities being reported in Q1 2026.

Overall, the total number of vendors scored by Coalition in the Risky Tech Ranking increased by 9% in Q1 2026, growing from 9,533 to 10,388.

Similarly, the total number of contributing vulnerabilities (CVEs) increased by 6.7%, growing from 46,234 to 49,320.

As a result, the Average Vendor Score in Q1 2026 spiked 25.7%, jumping from 0.148 to 0.186.

Changes among the top 5 rankings

Cisco (↑2)

Cisco rose into the top 5, moving from #7 to #5. The shift was driven by an increase in both the number of contributing vulnerabilities (357) and higher Coalition ESS scores. 

Adobe (↓1)

Adobe fell out of the top 5, dropping from #5 to #6. While Adobe's Vendor Score worsened, it was overtaken in the top 5 due to Cisco's more significant increase in Vendor Score.

New entries & exits from the top 10

The Q1 2026 update saw two shifts in the top 10 most risky vendors:

• Totolink (↑5):  Joined the top 10, climbing from #13 to #9.

• Fortinet (↓2): Left the top 10, falling from #9 to #11.



Significant movement among the top 30

An handful of other vendors experienced major shifts of 20 positions or more within the top 30, including a new addition to the Risky Tech Ranking, OpenClaw:

• XWiki (↑45): Jumped from #60 to #15.  

• n8n (↑267): Made a massive climb from #283 to #16.  

• OpenClaw (New): Entered the ranking as a new entry at #23.  

• Smarsh (↑838): Experienced the most dramatic rise, jumping from #865 to #27.  

• SolarWinds (↑78): Moved from #108 into the top 30 at #30.  

• SonicWall (↓22): Improved its relative position, dropping from #28 to #50.  

• Kubernetes (↓205): Saw a significant improvement in rank, falling from #26 to #231.

Why the Risky Tech Ranking is important

Technology products are frequently released with serious security flaws, putting businesses at risk before they have a chance to defend themselves.

More than 48,00 new CVEs were published in the National Vulnerability Database in 2025, a 21% increase over 2024. What’s more, the US Cybersecurity and Infrastructure Security Agency (CISA) added 245 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025. 

At Coalition, we frequently encounter technology products and services that do not adequately safeguard businesses, many of which are used by businesses that may become or wish to become Coalition policyholders. Ensuring that only trustworthy technology handles an organization’s sensitive electronic information is not only vital for Coalition policyholders, but also serves the broader public interest by contributing to a safer digital environment across the entire technology ecosystem.

Vulnerability management is difficult, especially for small and midsize businesses (SMBs) that often rely on outside technology and trust that it's secure. The Risky Tech Ranking helps close that gap by giving businesses better insight into the risks tied to the products they use.

Read more about why we built the ranking and the full methodology.

The Risky Tech Ranking is based on publicly available data and is intended for general, informational purposes only, and not as legal, professional, or consulting advice; use of the Risky Tech Ranking is solely at your own risk. The Risky Tech Ranking is a list of unaffiliated third-party technology providers ranked by a methodology based on Coalition’s Exploit Scoring System (Coalition ESS), which is powered by generative AI, machine learning, and an underlying algorithm that provides assessment of all publicly disclosed vulnerabilities and evaluates a technology vendor's risk based on the exploitability of reported vulnerabilities over a set time period. Coalition disclaims all warranties, express or implied. Risky Tech Ranking results may vary or fluctuate based on factors outside of Coalition's control. See Coalition’s Terms of Use and Privacy Policy for additional information.

This blog post is designed to provide general information on the topic presented and is not intended to construe or render legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites. 

Copyright © 2026. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. All other products and company names are the intellectual property of their respective brand owners.