Zero-Day

Software vulnerability unknown to the vendor, with no patch yet available

Definition

A zero-day is a software vulnerability that is unknown to the vendor, giving them zero days to fix it before it can be exploited. In SaaS and enterprise security, zero-days represent the highest-severity risk class because there's no patch or mitigation available.

📌 Example

The 2021 Log4Shell zero-day affected millions of systems running the Log4j logging library. Because Log4j was embedded in countless apps, patching the flaw required every vendor to scramble simultaneously.