A vulnerability feed tells you a product has a flaw. It can't tell you whether this one is reachable, or even switched on, in your network. IP Fabric can.
verified on demo1.eu.ipfabric.io · IP Fabric v7.11 · 2026-07-07 · no writes, no attacks
So security teams face hundreds of "critical" findings with no way to know which ones bite. Two things decide whether a CVE is real — and both are things IP Fabric already discovers.
True — and KEV-listed, mass-exploited. But it's context-free, ranked by a generic score. Is this box even reachable? Is SSL-VPN on? Silence.
Grounded in the discovered topology: a real reachable route, the ACLs and zone-firewalls on it, and whether the vulnerable feature is actually enabled.
A single path-lookup on the S01 lab returned a full route Pilsen DR → Ostrava DC — and reported exactly where the ACLs and zone-firewalls sit along it. That's the difference between "a CVE exists" and "here's the path an attacker would traverse through your topology."
IP Fabric's discovered estate — not a declared asset list. On the demo: 729 devices, 12+ vendors, 88 version tuples, down to the FortiGate at site L71 running FortiOS 6.0.5.
Feed that real inventory to the CVE + attack-path layer. FortiOS 6.0.5 → CVE-2018-13379, a described attack chain — generated, never executed.
Path-lookup checks whether the exposure has a real reachable route to something that matters — with the ACLs and zone-firewalls on it. No path → deprioritise. This is where most "criticals" fall away.
Read the live config: is the vulnerable feature actually enabled? Confirm → real. Off → drop. Ambiguous → don't guess — flag for a human.
Every step is analysis over what IP Fabric already sees — discovery, path-lookup, config. No exploit is ever launched. It respects the same read-only, segregation-of-duties boundary IP Fabric is built on. Any live execution would need signed rules of engagement — and would happen only on infrastructure we own, never a customer's fabric.
Do your customers feel the "CVSS noise vs. real reachable risk" pain — enough to want a product for it?
Is a security-exposure product built on IP Fabric data on-strategy for you — or a boundary you'd keep?
Which frameworks land hardest — DORA / NIS2 first? And is a read-only report the wedge, or closed-loop remediation later?