@blamejs/exceptd-skills 0.12.20 → 0.12.22

package/data/_indexes/summary-cards.json

@@ -7,7 +7,7 @@
     "kernel-lpe-triage": {
       "description": "Assess Linux kernel LPE exposure — Copy Fail, Dirty Frag, live-patch vs. reboot remediation",
       "threat_context_excerpt": "An AI system discovered this vulnerability in approximately one hour. It is a page-cache copy-on-write (CoW) primitive in the Linux kernel affecting all major distributions since kernel 4.14 (2017). Every major Linux distribution is affected: RHEL 7–9, Ubuntu 18.04–24.04, Debian 9–12, CentOS, Fedora, Amazon Linux 2/2023, SUSE 12/15, Alpine, and derivatives.",
-      "produces": "Produce this structure:\n\n```\n## Kernel LPE Exposure Assessment\n\n**Assessment Date:** YYYY-MM-DD  \n**Kernel Version:** x.x.x  \n**Distribution:** [name + version]\n\n### Exposure Summary\n| CVE | Status | Severity |\n|-----|--------|----------|\n| CVE-2026-31431 (Copy Fail) | [Exposed / Live-patched / Patched] | [Critical/High/Medium/Low] |\n| CVE-2026-43284 (Dirty Frag ESP) | [Exposed / Patched] | [Critical/High/Medium/Low] |\n| CVE-2026-43500 (Dirty Frag RxRPC) | [Exposed / Patched] | [Critical/High/Medium/Low] |\n\n### IPsec Control Impact\n[If applicable: which network controls are affected by Dirty F ...",
+      "produces": "Produce this structure:\n\n```\n## Kernel LPE Exposure Assessment\n\n**Assessment Date:** YYYY-MM-DD  \n**Kernel Version:** x.x.x  \n**Distribution:** [name + version]\n\n### Exposure Summary\n| CVE | Status | Severity |\n|-----|--------|----------|\n| CVE-2026-31431 (Copy Fail) | [Exposed / Live-patched / Patched] | [Critical/High/Medium/Low] |\n| CVE-2026-43284 (Dirty Frag ESP) | [Exposed / Patched] | [Critical/High/Medium/Low] |\n| CVE-2026-43500 (Dirty Frag RxRPC) | [Exposed / Patched] | [Critical/High/Medium/Low] |\n| CVE-2026-46300 (Fragnesia) | [Exposed / Module-unloaded / Live-patched / Patched] | [C ...",
       "key_xrefs": {
         "cwe_refs": [
           "CWE-125",

package/data/_indexes/token-budget.json

@@ -3,23 +3,23 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1406605,
-    "total_approx_tokens": 351655,
+    "total_chars": 1420930,
+    "total_approx_tokens": 355238,
     "skill_count": 38
   },
   "skills": {
     "kernel-lpe-triage": {
       "path": "skills/kernel-lpe-triage/skill.md",
-      "bytes": 26011,
-      "chars": 25877,
-      "lines": 343,
-      "approx_tokens": 6469,
+      "bytes": 29740,
+      "chars": 29580,
+      "lines": 390,
+      "approx_tokens": 7395,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
-          "bytes": 3156,
-          "chars": 3126,
-          "approx_tokens": 782
+          "bytes": 5569,
+          "chars": 5521,
+          "approx_tokens": 1380
         },
         "framework-lag-declaration": {
           "bytes": 2519,
@@ -32,9 +32,9 @@
           "approx_tokens": 722
         },
         "exploit-availability-matrix": {
-          "bytes": 632,
-          "chars": 630,
-          "approx_tokens": 158
+          "bytes": 885,
+          "chars": 881,
+          "approx_tokens": 220
         },
         "compliance-theater-check": {
           "bytes": 2072,
@@ -42,14 +42,14 @@
           "approx_tokens": 516
         },
         "analysis-procedure": {
-          "bytes": 4670,
-          "chars": 4668,
-          "approx_tokens": 1167
+          "bytes": 5300,
+          "chars": 5296,
+          "approx_tokens": 1324
         },
         "output-format": {
-          "bytes": 1407,
-          "chars": 1399,
-          "approx_tokens": 350
+          "bytes": 1796,
+          "chars": 1784,
+          "approx_tokens": 446
         },
         "detection-rules": {
           "bytes": 689,
@@ -175,10 +175,10 @@
     },
     "framework-gap-analysis": {
       "path": "skills/framework-gap-analysis/skill.md",
-      "bytes": 26212,
-      "chars": 26160,
-      "lines": 375,
-      "approx_tokens": 6540,
+      "bytes": 27420,
+      "chars": 27364,
+      "lines": 379,
+      "approx_tokens": 6841,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -192,19 +192,19 @@
           "approx_tokens": 818
         },
         "ttp-mapping": {
-          "bytes": 1856,
-          "chars": 1854,
-          "approx_tokens": 464
+          "bytes": 2089,
+          "chars": 2087,
+          "approx_tokens": 522
         },
         "exploit-availability-matrix": {
-          "bytes": 1352,
-          "chars": 1352,
-          "approx_tokens": 338
+          "bytes": 1536,
+          "chars": 1536,
+          "approx_tokens": 384
         },
         "built-in-gap-catalog": {
-          "bytes": 10124,
-          "chars": 10096,
-          "approx_tokens": 2524
+          "bytes": 10679,
+          "chars": 10647,
+          "approx_tokens": 2662
         },
         "analysis-procedure": {
           "bytes": 1718,
@@ -222,18 +222,18 @@
           "approx_tokens": 483
         },
         "compliance-theater-check": {
-          "bytes": 2225,
-          "chars": 2225,
-          "approx_tokens": 556
+          "bytes": 2461,
+          "chars": 2461,
+          "approx_tokens": 615
         }
       }
     },
     "compliance-theater": {
       "path": "skills/compliance-theater/skill.md",
-      "bytes": 28716,
-      "chars": 28652,
-      "lines": 372,
-      "approx_tokens": 7163,
+      "bytes": 29641,
+      "chars": 29575,
+      "lines": 375,
+      "approx_tokens": 7394,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -257,14 +257,14 @@
           "approx_tokens": 549
         },
         "exploit-availability-matrix": {
-          "bytes": 1775,
-          "chars": 1775,
-          "approx_tokens": 444
+          "bytes": 2006,
+          "chars": 2006,
+          "approx_tokens": 502
         },
         "theater-pattern-library": {
-          "bytes": 12043,
-          "chars": 12027,
-          "approx_tokens": 3007
+          "bytes": 12737,
+          "chars": 12719,
+          "approx_tokens": 3180
         },
         "analysis-procedure": {
           "bytes": 943,
@@ -285,10 +285,10 @@
     },
     "exploit-scoring": {
       "path": "skills/exploit-scoring/skill.md",
-      "bytes": 22174,
-      "chars": 22044,
-      "lines": 338,
-      "approx_tokens": 5511,
+      "bytes": 23932,
+      "chars": 23794,
+      "lines": 357,
+      "approx_tokens": 5949,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -312,9 +312,9 @@
           "approx_tokens": 305
         },
         "exploit-availability-matrix": {
-          "bytes": 1519,
-          "chars": 1515,
-          "approx_tokens": 379
+          "bytes": 1744,
+          "chars": 1740,
+          "approx_tokens": 435
         },
         "rwep-formula": {
           "bytes": 2866,
@@ -322,9 +322,9 @@
           "approx_tokens": 714
         },
         "pre-calculated-rwep-scores": {
-          "bytes": 4183,
-          "chars": 4150,
-          "approx_tokens": 1038
+          "bytes": 5716,
+          "chars": 5675,
+          "approx_tokens": 1419
         },
         "rwep-vs-cvss-delta-analysis": {
           "bytes": 1509,
@@ -555,10 +555,10 @@
     },
     "threat-model-currency": {
       "path": "skills/threat-model-currency/skill.md",
-      "bytes": 26071,
-      "chars": 25967,
-      "lines": 409,
-      "approx_tokens": 6492,
+      "bytes": 27335,
+      "chars": 27223,
+      "lines": 411,
+      "approx_tokens": 6806,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -572,9 +572,9 @@
           "approx_tokens": 135
         },
         "the-14-threat-class-checklist": {
-          "bytes": 10476,
-          "chars": 10466,
-          "approx_tokens": 2617
+          "bytes": 11120,
+          "chars": 11106,
+          "approx_tokens": 2777
         },
         "threat-context": {
           "bytes": 1831,
@@ -587,14 +587,14 @@
           "approx_tokens": 646
         },
         "ttp-mapping": {
-          "bytes": 2981,
-          "chars": 2943,
-          "approx_tokens": 736
+          "bytes": 3097,
+          "chars": 3059,
+          "approx_tokens": 765
         },
         "exploit-availability-matrix": {
-          "bytes": 1845,
-          "chars": 1831,
-          "approx_tokens": 458
+          "bytes": 2349,
+          "chars": 2331,
+          "approx_tokens": 583
         },
         "compliance-theater-check": {
           "bytes": 1568,
@@ -680,10 +680,10 @@
     },
     "zeroday-gap-learn": {
       "path": "skills/zeroday-gap-learn/skill.md",
-      "bytes": 31609,
-      "chars": 31473,
-      "lines": 401,
-      "approx_tokens": 7868,
+      "bytes": 37109,
+      "chars": 36955,
+      "lines": 444,
+      "approx_tokens": 9239,
       "approx_chars_per_token": 4,
       "sections": {
         "frontmatter-scope": {
@@ -707,9 +707,9 @@
           "approx_tokens": 298
         },
         "exploit-availability-matrix": {
-          "bytes": 2371,
-          "chars": 2353,
-          "approx_tokens": 588
+          "bytes": 2802,
+          "chars": 2780,
+          "approx_tokens": 695
         },
         "the-learning-loop": {
           "bytes": 1417,
@@ -717,9 +717,9 @@
           "approx_tokens": 343
         },
         "pre-run-lessons-encoded-from-documented-zero-days": {
-          "bytes": 15782,
-          "chars": 15752,
-          "approx_tokens": 3938
+          "bytes": 20851,
+          "chars": 20807,
+          "approx_tokens": 5202
         },
         "analysis-procedure": {
           "bytes": 2122,
@@ -1510,16 +1510,16 @@
     },
     "webapp-security": {
       "path": "skills/webapp-security/skill.md",
-      "bytes": 28791,
-      "chars": 28619,
+      "bytes": 28798,
+      "chars": 28626,
       "lines": 285,
-      "approx_tokens": 7155,
+      "approx_tokens": 7157,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
-          "bytes": 3443,
-          "chars": 3431,
-          "approx_tokens": 858
+          "bytes": 3450,
+          "chars": 3438,
+          "approx_tokens": 860
         },
         "framework-lag-declaration": {
           "bytes": 3561,

package/data/cve-catalog.json

@@ -656,7 +656,7 @@
       "live_patch_available": 0,
       "reboot_required": 5
     },
-    "epss_score": 0.00007,
+    "epss_score": 7e-05,
     "epss_percentile": 0.0051,
     "epss_date": "2026-05-13",
     "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-43284",
@@ -1225,5 +1225,172 @@
       ]
     },
     "last_updated": "2026-05-13"
+  },
+  "CVE-2026-46300": {
+    "name": "Fragnesia",
+    "type": "LPE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "cisa_kev_due_date": null,
+    "poc_available": true,
+    "poc_description": "Public PoC released alongside disclosure on the V12 security team's GitHub. One-line invocation against /usr/bin/su yields a root shell. No race condition — the page-cache write primitive is deterministic.",
+    "ai_discovered": false,
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "none",
+    "affected": "Linux kernel — all distributions shipping kernel >= 5.10 with the XFRM ESP-in-TCP path enabled (default on RHEL 8/9, Ubuntu 20.04+, Debian 11+, Amazon Linux 2/2023, SUSE 15, AlmaLinux 8/9, CloudLinux 8/9, Rocky Linux 8/9, Alpine, and derivatives). Containers inherit host-kernel exposure regardless of image patch level.",
+    "affected_versions": [
+      "linux-kernel >= 5.10",
+      "linux-kernel < 6.8.11"
+    ],
+    "vector": "Page-cache corruption via XFRM ESP-in-TCP skb coalescing. skb_try_coalesce() fails to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between socket buffers, so the kernel loses track of externally-backed fragments (page-cache pages spliced from a file). An unprivileged local user can deterministically overwrite read-only file data in the kernel page cache without touching the on-disk file. The canonical payload targets /usr/bin/su; any read-only setuid binary resident in the page cache is reachable.",
+    "complexity": "deterministic",
+    "complexity_notes": "No race condition. No heap spray. Same primitive class as Dirty Frag (CVE-2026-43284 / CVE-2026-43500) — Fragnesia is the sibling bug surfaced by the Dirty Frag patch. Mitigation set is identical: unloading esp4 / esp6 / rxrpc removes the vulnerable code path without a reboot.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": true,
+    "live_patch_tools": [
+      "kpatch",
+      "canonical-livepatch",
+      "kGraft",
+      "CloudLinux KernelCare",
+      "AlmaLinux kernel-secureboot update (testing)",
+      "CloudLinux kernel update (testing)"
+    ],
+    "live_patch_notes": "Live patches in vendor pipelines as of 2026-05-13: AlmaLinux + CloudLinux published kernels to their testing channels the same day; Rocky Linux community discussion open; Canonical Livepatch + kpatch follow standard cadence. Module-unload mitigation (esp4 / esp6 / rxrpc) is non-reboot and identical to the Dirty Frag mitigation set, so any host already mitigated for CVE-2026-43284 / CVE-2026-43500 by module blacklist is already mitigated for Fragnesia.",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "30-day critical patch SLA is an exploitation window for a deterministic LPE with a public PoC. Module-unload mitigation is non-reboot and available immediately, but no SI-2 implementation requires it as a compensating control.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; standard 30-day interpretation is unsafe for deterministic LPE with public PoC. No requirement to track kernel-module-blacklist as a compensating control.",
+      "NIS2-Art21-patch-management": "Art. 21(2)(c) patch-management measures are undefined for fast-cycle kernel LPEs with public PoC. No guidance on module-blacklist as an interim measure.",
+      "DORA-Art9": "ICT incident management presumes vendor-patch cadence; module-unload as immediate mitigation has no place in the typical DORA evidence pack.",
+      "UK-CAF-B4": "System security principle is silent on subsystem module disable as a compensating control for unpatched kernel LPE.",
+      "AU-ISM-1546": "Essential 8 patch-applications maturity ladder anchors on advisory date, not on PoC availability. ML3 48h is still long for a deterministic public exploit.",
+      "ISO-27001-2022-A.5.7": "Threat-intelligence control collects feeds but does not require the operational pivot (module unload) when intel shows a same-family sequel to a previously-patched bug."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068"
+    ],
+    "rwep_score": 20,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 25,
+      "patch_available": -15,
+      "live_patch_available": -10,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 20 today. Score will jump to 55+ on CISA KEV listing (+25 KEV) and to 65+ if active exploitation is confirmed. Blast radius 25 reflects every Linux host with esp4/esp6 (common in IPsec deployments) or rxrpc (Kerberos/AFS environments) loaded — not all hosts but a large fraction of enterprise fleets.",
+    "cwe_refs": [
+      "CWE-672",
+      "CWE-787"
+    ],
+    "source_verified": "2026-05-14",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-46300",
+      "https://almalinux.org/blog/2026-05-13-fragnesia-cve-2026-46300/",
+      "https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update",
+      "https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-page-cache-lpe-family/",
+      "https://www.wiz.io/vulnerability-database/cve/cve-2026-46300",
+      "https://www.helpnetsecurity.com/2026/05/14/fragnesia-cve-2026-46300-linux-kernel-lpe/",
+      "https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html",
+      "https://www.theregister.com/security/2026/05/14/dirty-frag-gets-a-sequel-as-fragnesia/",
+      "https://securityaffairs.com/192145/uncategorized/linux-kernel-bug-fragnesia-allows-local-root-access-attacks.html",
+      "https://securityonline.info/fragnesia-linux-kernel-lpe-exploit-poc-disclosure/",
+      "https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-kernel-bug-allows-local-root-access/",
+      "https://www.securityweek.com/fragnesia-linux-kernel-lpe-page-cache-corruption/",
+      "https://forums.rockylinux.org/t/fragnesia-cve-2026-46300-mitigation-thread"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "kernel.org",
+        "advisory_id": null,
+        "url": "https://lore.kernel.org/linux-cve-announce/?q=CVE-2026-46300",
+        "severity": "high",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "AlmaLinux",
+        "advisory_id": null,
+        "url": "https://almalinux.org/blog/2026-05-13-fragnesia-cve-2026-46300/",
+        "severity": "high",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "CloudLinux",
+        "advisory_id": null,
+        "url": "https://blog.cloudlinux.com/fragnesia-mitigation-and-kernel-update",
+        "severity": "high",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "Rocky Linux",
+        "advisory_id": null,
+        "url": "https://forums.rockylinux.org/t/fragnesia-cve-2026-46300-mitigation-thread",
+        "severity": "high",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "Red Hat",
+        "advisory_id": null,
+        "url": "https://access.redhat.com/security/cve/CVE-2026-46300",
+        "severity": "important",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "Canonical (Ubuntu)",
+        "advisory_id": null,
+        "url": "https://ubuntu.com/security/CVE-2026-46300",
+        "severity": "high",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "SUSE",
+        "advisory_id": null,
+        "url": "https://www.suse.com/security/cve/CVE-2026-46300.html",
+        "severity": "important",
+        "published_date": "2026-05-13"
+      },
+      {
+        "vendor": "Debian",
+        "advisory_id": null,
+        "url": "https://security-tracker.debian.org/tracker/CVE-2026-46300",
+        "severity": "high",
+        "published_date": "2026-05-14"
+      }
+    ],
+    "iocs": {
+      "payload_artifacts": [
+        "Setuid-root binary in /usr/bin, /usr/sbin, /bin, /sbin whose sha256 differs from distro package-manager (`rpm -Va`, `debsums -c`, `dpkg --verify`) — Fragnesia's page-cache write primitive corrupts the in-cache copy without modifying on-disk bytes; `sha256sum /usr/bin/su` against a freshly-read-from-disk copy will mismatch the page-cache-resident copy",
+        "/usr/bin/su / /usr/bin/sudo / /usr/bin/passwd / /usr/bin/chsh / /usr/bin/chfn / /usr/bin/newgrp / /usr/bin/mount in page cache (`vmtouch -v <path>`) but verification against on-disk bytes (`echo 3 > /proc/sys/vm/drop_caches; sha256sum <path>`) shows the disk copy is clean — primary forensic signature of page-cache-resident corruption",
+        "Process whose /proc/<pid>/status transitions Uid: 1000 1000 1000 1000 -> Uid: 0 0 0 0 within 60s of an execve of a previously-cached setuid binary"
+      ],
+      "runtime_syscall": [
+        "splice(2) or vmsplice(2) syscall by uid >= 1000 with source fd opened O_RDONLY against a setuid file and target fd an AF_INET / AF_INET6 socket with ESP-in-TCP encap set — primary Fragnesia exploitation primitive",
+        "setsockopt(2) with SOL_IP / SOL_IPV6 + UDP_ENCAP / TCP_ULP setting xfrm encap modes from an unprivileged process that has no IPsec-relevant workload",
+        "sendmsg(2) / sendmmsg(2) on a socket configured for ESP-in-TCP encap with MSG_ZEROCOPY and a source iovec pointing into a read-only mmap of a setuid binary"
+      ],
+      "kernel_trace": [
+        "ftrace tracepoint skb_try_coalesce or __skb_grow firing with destination skb missing the SKBFL_SHARED_FRAG flag while source skb has paged frags backed by externally-mapped pages",
+        "eBPF kprobe on skb_try_coalesce / xfrm_input / esp_input_done with caller_uid != 0 and the resulting skb's shinfo->flags lacking SKBFL_SHARED_FRAG",
+        "dmesg BUG: or WARN_ON from net/xfrm/, net/ipv4/esp4.c, net/ipv6/esp6.c, or net/rxrpc/ within 60s of an unprivileged-process privilege transition"
+      ],
+      "behavioral": [
+        "Unprivileged process spliced data from a setuid binary into an XFRM-configured socket without a corresponding IPsec policy in /proc/net/xfrm_stat",
+        "Root-uid shell (bash, sh, dash, zsh) whose PPid resolves to a non-setuid, non-root parent (python, ruby, node, user-owned /tmp or /home binary) following recent splice/sendmsg activity on AF_INET sockets with ESP encap",
+        "Kernel module esp4 / esp6 / rxrpc loaded on a host whose configured workload has no IPsec / no Kerberos-AFS dependency — exposure-without-purpose signature"
+      ],
+      "mitigation_state": [
+        "Kernel version in affected_versions range AND `modprobe -n -v esp4` shows the module is loadable AND no `blacklist esp4` / `install esp4 /bin/false` line in /etc/modprobe.d/*.conf — module-unload mitigation NOT applied",
+        "Kernel version in affected_versions range AND /sys/kernel/livepatch/*/cve-ids does NOT contain CVE-2026-46300 — treat as EXPOSED regardless of generic livepatch-active flag",
+        "RHEL/AlmaLinux/CloudLinux: kpatch-livepatch-*-CVE-2026-46300 RPM installed but not in `kpatch list` Loaded patch modules section — package-installed-without-load silent exposure",
+        "Ubuntu: `canonical-livepatch status --verbose` 'fixes:' list does not include CVE-2026-46300 while kernel in affected range"
+      ],
+      "forensic_note": "Fragnesia corrupts page-cache pages without touching disk. File-integrity tools that hash on-disk bytes (AIDE, Tripwire, IMA in measure-only mode) cannot detect the corruption — the on-disk file is unchanged. Detection requires either (a) reading the binary through the page cache (`vmtouch` + `sha256sum`) and comparing to a freshly-read-from-disk copy after `echo 3 > /proc/sys/vm/drop_caches`, or (b) the runtime_syscall + kernel_trace indicators above. Operators who blacklisted esp4 / esp6 / rxrpc for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) are already mitigated for Fragnesia — the mitigation set is identical."
+    },
+    "last_updated": "2026-05-14"
   }
-}
+}

package/data/exploit-availability.json

@@ -111,5 +111,21 @@
     "active_exploitation": "confirmed",
     "last_verified": "2026-05-13",
     "verification_source": "OSV.dev MAL-2026-3083, Snyk SNYK-PYTHON-ELEMENTARYDATA-16316110, StepSecurity forensic writeup, Elementary Data incident report"
+  },
+  "CVE-2026-46300": {
+    "poc_status": "public",
+    "poc_description": "PoC published alongside disclosure on the V12 security team's GitHub. One-liner targets /usr/bin/su; the exploit primitive is deterministic page-cache corruption via XFRM ESP-in-TCP skb coalescing. No race condition, no kernel fingerprinting beyond version-range check.",
+    "weaponization_stage": "demonstrated",
+    "exploit_class": "deterministic LPE primitive",
+    "maturity_tier": "PoC",
+    "ai_discovery_confirmed": false,
+    "ai_assisted_weaponization": false,
+    "exploit_complexity": "low",
+    "complexity_notes": "Single-stage, deterministic. Same primitive class as Dirty Frag (CVE-2026-43284 / CVE-2026-43500) — the bug was introduced by the patch for Dirty Frag, so existing module-unload mitigations for esp4 / esp6 / rxrpc also mitigate Fragnesia.",
+    "active_exploitation": "none",
+    "discovered_at": "2026-05-13",
+    "poc_observed_at": "2026-05-13",
+    "last_verified": "2026-05-14",
+    "verification_source": "NVD CVE-2026-46300, V12 security team disclosure, AlmaLinux + CloudLinux advisories, Microsoft Security Blog (Dirty Frag family analysis)"
   }
 }

package/data/playbooks/ai-api.json

@@ -261,6 +261,24 @@
             "control_id": "CC6",
             "designed_for": "Logical and physical access controls.",
             "insufficient_because": "Same as AC-2 — authorized service account, no access-control finding even when account is being abused as C2."
+          },
+          {
+            "framework": "uk-caf",
+            "control_id": "C1 — Security monitoring",
+            "designed_for": "NCSC CAF outcome that security monitoring detects threats to the essential function.",
+            "insufficient_because": "Monitoring outcome requires a baseline of normal; vendor AI-API traffic is new enough that the established baseline classifies all of it as normal. The outcome can be 'achieved' while C2 traverses the same channel undetected."
+          },
+          {
+            "framework": "au-essential-8",
+            "control_id": "Strategy 5 — Restrict admin privileges",
+            "designed_for": "ASD mitigation strategy limiting administrative privilege scope and re-validation cadence.",
+            "insufficient_because": "Privilege restriction targets human admin accounts. The AI service account is non-human, holds the API token, and is excluded from the strategy's quarterly re-validation requirement on standard ML2 implementations."
+          },
+          {
+            "framework": "au-ism",
+            "control_id": "ISM-1841",
+            "designed_for": "Australian Government ISM control on event logging for cloud and SaaS services.",
+            "insufficient_because": "Logging scope assumes the org receives audit logs from the SaaS provider. AI-API providers expose request/response metadata but not prompt content, so the control's detection value collapses on the exfil-via-prompt channel."
           }
         ]
       },

package/data/playbooks/containers.json

@@ -209,6 +209,36 @@
             "control_id": "Annex I",
             "designed_for": "Cyber Resilience Act essential requirements (effective Dec 2027).",
             "insufficient_because": "Names SBOM + vulnerability handling; effective date is in the future. Container-specific operationalization will be set by harmonized standards still being drafted in 2026."
+          },
+          {
+            "framework": "nis2",
+            "control_id": "Art.21(2)(e)",
+            "designed_for": "Security in network and information systems acquisition, development and maintenance for essential and important entities.",
+            "insufficient_because": "Names secure configuration as essential measure. Implementing acts have not bound container-specific primitives (privileged, hostPID, runAsUser:0, capabilities-add, hostPath mounts); a fully NIS2-compliant entity can ship privileged containers."
+          },
+          {
+            "framework": "dora",
+            "control_id": "Art.9",
+            "designed_for": "ICT systems, protocols and tools — protective and preventative measures for financial entities.",
+            "insufficient_because": "Article requires 'state-of-the-art' protective measures without enumerating container-runtime primitives. DORA-compliant financial-entity ICT can include privileged-container workloads with no DORA-side finding."
+          },
+          {
+            "framework": "uk-caf",
+            "control_id": "B4 — System security",
+            "designed_for": "NCSC CAF outcome that operational systems are protected against cyber attack.",
+            "insufficient_because": "Outcome-based. Container manifests granting host-namespace access (hostPID, hostNetwork, hostIPC) or capability escalation (CAP_SYS_ADMIN) are not enumerated by the assessment, so the outcome can return 'achieved' on an escape-prone cluster."
+          },
+          {
+            "framework": "au-essential-8",
+            "control_id": "Strategy 5 — Restrict admin privileges",
+            "designed_for": "ASD mitigation strategy limiting administrative privilege scope.",
+            "insufficient_because": "Targets human admin accounts. Container workloads running as UID 0 or with CAP_SYS_ADMIN hold equivalent privilege to a host admin without appearing in the strategy's admin-account inventory."
+          },
+          {
+            "framework": "au-ism",
+            "control_id": "ISM-1417",
+            "designed_for": "Australian Government ISM control on hardening operating system and platform configurations.",
+            "insufficient_because": "Control evidences platform-level hardening at deployment. Per-manifest container security context (Pod Security Standards, runAsNonRoot, readOnlyRootFilesystem) is outside the standard ISM evidence model for the host."
           }
         ]
       },

package/data/playbooks/cred-stores.json

@@ -201,6 +201,24 @@
             "control_id": "Art.21(2)(j)",
             "designed_for": "Cryptography and access control policies.",
             "insufficient_because": "Policy shape. Permits 'we use SSO' as evidence without requiring per-device credential-store inventory."
+          },
+          {
+            "framework": "uk-caf",
+            "control_id": "B2 — Identity and access control",
+            "designed_for": "NCSC CAF outcome that the org understands, documents and manages access to networks and systems supporting the essential function.",
+            "insufficient_because": "Outcome focuses on authoritative directory state. Per-device credential stores (browser, IDE, secrets manager, OS keychain) holding long-lived bearer tokens fall outside the assessed identity surface and so escape the outcome's coverage."
+          },
+          {
+            "framework": "au-essential-8",
+            "control_id": "Strategy 6 — Multi-factor authentication",
+            "designed_for": "ASD mitigation strategy requiring MFA for privileged actions and remote access.",
+            "insufficient_because": "MFA binds the human authentication step. Long-lived PATs and cloud access keys cached in IDE/CLI credential stores execute the privileged action without re-traversing the MFA factor; the strategy's surface excludes them."
+          },
+          {
+            "framework": "au-ism",
+            "control_id": "ISM-1546",
+            "designed_for": "Australian Government ISM control on managing authentication credentials, including their secure storage.",
+            "insufficient_because": "Secure-storage requirement is met by any credential vault. Co-resident plaintext credential files on developer machines (npmrc, pip.conf, aws/credentials) are not exhaustively enumerated by the control's audit method."
           }
         ]
       },

package/data/playbooks/crypto.json

@@ -252,6 +252,24 @@
             "control_id": "Annex I (essential cybersecurity requirements)",
             "designed_for": "Cryptography for products with digital elements.",
             "insufficient_because": "Manufacturer obligation to use 'state-of-the-art' cryptography. 'State-of-the-art' is interpretive; without binding PQC reference, products ship classical-only."
+          },
+          {
+            "framework": "uk-caf",
+            "control_id": "B3 — Data security",
+            "designed_for": "NCSC CAF outcome that data is protected from compromise, including by cryptographic means.",
+            "insufficient_because": "Outcome-based — does not name algorithms or migration tempo. An entirely classical posture can be assessed as 'achieving' the outcome despite the HNDL adversary recording today against a CRQC decrypt date inside the data's retention window."
+          },
+          {
+            "framework": "au-essential-8",
+            "control_id": "Strategy 8 — Regular backups",
+            "designed_for": "ASD mitigation strategy for resilient backups, including encryption at rest.",
+            "insufficient_because": "Encryption at rest under the strategy uses classical algorithms by default. Long-retention backups encrypted classically are HNDL-exposed for the entire retention period; the strategy makes no reference to PQC or algorithm-currency."
+          },
+          {
+            "framework": "au-ism",
+            "control_id": "ISM-0457",
+            "designed_for": "Australian Government ISM control on approved cryptographic algorithms for protecting government information.",
+            "insufficient_because": "Quarterly publishing cadence lags FIPS 203/204/205 finalization. Approved-algorithm list mixes classical and PQC entries without binding migration deadlines; classical-only stacks remain ISM-compliant for the lag window."
           }
         ]
       },