Redefining Security Data: Red Hat's New VEX Experience Heading to Red Hat Summit 2026
Red Hat Blog, April 27,2026
Red Hat announces a major evolution of its CSAF and VEX security data formats for better clarity and integration.
Red Hat Product Security is overhauling its Common Security Advisory Framework (CSAF) and Vulnerability Exploit eXchange (VEX) files to improve security data usability and ecosystem integration.
The update introduces key improvements including enhanced product granularity with explicit supported streams, simplified product trees, better validation with CPEs and PURLs, and optimized content with reduced redundancy.
A beta version is available now for vendor adoption, with the general availability launch planned for Red Hat Summit 2026, at which point legacy VEX files will be deprecated. Red Hat is encouraging partner feedback throughout the transition to ensure a smooth rollout of the new standardized VEX format.