White House delays CISA voting machine vulnerability report past 2026 midterms

The administration withheld the CISA report that inventories exploitable flaws across Dominion, ES&S, and Hart InterCivic tabulators. Internal timelines show the document completed technical review in April 2026 yet remains under White House clearance. Prior CISA assessments from 2022 and 2024 documented 47 distinct attack paths on direct-recording electronic systems with median remediation windows exceeding 18 months.

Election infrastructure data from the 2024 cycle recorded 312 jurisdictions still operating unpatched firmware versions flagged in earlier CISA alerts. NIST SP 800-XXX drafts on supply-chain risks for voting hardware remain unpublished. Delay shifts any required certification updates into the 2028 cycle and compresses state-level testing schedules already constrained by 90-day pre-election lock periods.

Operational impact centers on extended exposure periods for known buffer-overflow and memory-extraction vectors. Jurisdictions cannot initiate procurement of updated hardware until the report surfaces. Post-election release will trigger compressed patch cycles that historically produce incomplete deployments across at least 18 percent of precincts based on 2022 remediation tracking.

States with paper-audit mandates retain fallback verification paths while DRE-heavy jurisdictions face extended risk windows through 2027.