A CNA is able to reserve a certain amount of CVEs. There might be no vulnerability assigned to it or at least it is not yet disclosed which vulnerability it will be. We will not be able to assign CVEs marked as RESERVED to our vulnerability entries. As soon as a CVE is released into the public CVE stream we will add it to our associated entry by assigning the field
Interested in the pricing of exploits?
See the underground prices here!