Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Entry № 087

Attack Vector

Reviewed byCybersecurity entrepreneur & security researcher

What is Attack Vector?

Attack VectorSpecific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.


An attack vector is the concrete route an adversary takes to breach a target: phishing email, exposed RDP, exploited public-facing CVE, leaked credential reused on another service, supply-chain dependency, malicious USB, or insider misuse. The MITRE ATT&CK framework groups vectors as Initial Access techniques such as T1566 (phishing), T1190 (exploit public-facing application), or T1078 (valid accounts). Defenders use attack-vector analysis to map threats to controls: MFA blocks credential-reuse vectors, EDR catches malware delivery, secure email gateways filter phishing, and patching shrinks exposure to exploit-based vectors. Reducing attack vectors is a direct way to shrink the attack surface.

Examples

  1. 01

    Initial access via an unpatched VPN appliance CVE (T1190).

  2. 02

    Phishing attachment delivering a banking trojan (T1566.001).

Frequently asked questions

What is Attack Vector?

Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials. It belongs to the Compliance & Frameworks category of cybersecurity.

What does Attack Vector mean?

Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.

How do you defend against Attack Vector?

Defences for Attack Vector typically combine technical controls and operational practices, as detailed in the full definition above.

Related terms