@blamejs/exceptd-skills 0.13.113 → 0.13.114

package/data/cve-catalog.json

@@ -17908,6 +17908,214 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Dify's RemoteFileUploadApi fetches user-supplied URLs without destination validation, letting an unauthenticated attacker reach internal/cloud-metadata services (CWE-918 SSRF); no fixed version published - validate/allowlist the fetch destination."
   },
+  "CVE-2025-1796": {
+    "name": "Dify Weak-PRNG Password Reset Account Takeover",
+    "type": "Account Takeover",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NIST (NVD) CVSS v3.1 base 8.8 (HIGH); huntr.dev (CNA) rates it 7.5 (HIGH, AC:H). Dify generates password-reset codes with a weak pseudo-random number generator (random.randint instead of a cryptographically secure source), so an attacker predicts the reset code and takes over any account, including administrators (CWE-338 weak PRNG + CWE-640 weak password-recovery mechanism).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing huntr.dev advisory (https://github.com/advisories/GHSA-cvg9-334x-w586): predict the weak-PRNG reset code and complete a password reset for any account.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via huntr.dev (https://github.com/advisories/GHSA-cvg9-334x-w586). The abused surface is Dify, a widely used low-code LLM application-development platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is a weak password-recovery mechanism in an LLM app platform.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure; no confirmed in-the-wild exploitation reported as of curation. No fixed version is published, so exposed instances remain vulnerable.",
+    "affected": "Dify 0.10.1.",
+    "affected_versions": [
+      "Dify 0.10.1"
+    ],
+    "vector": "Dify's password-reset flow generates the reset code with a weak pseudo-random number generator (random.randint) rather than a cryptographically secure RNG. An attacker predicts the reset code for any account - including administrator accounts - and completes a password reset to take it over (CWE-338 / CWE-640). Disclosed via huntr.dev.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:L - a low-privilege account suffices to trigger and predict the reset code; the takeover reaches admin.",
+    "patch_available": false,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "No fixed version is published as of curation; mitigation is replacing the reset-token generation with a CSPRNG and verifying the reset token server-side (see vendor_update_paths).",
+    "vendor_update_paths": [
+      "No fixed Dify release is published. Generate password-reset tokens with a cryptographically secure RNG (e.g. secrets / os.urandom), make them long and single-use with short expiry, and rate-limit reset attempts so a code cannot be predicted or brute-forced."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Identification/authentication is undermined: the LLM app's password-recovery flow lets an attacker authenticate as any user, including admin.",
+      "NIST-800-53-AC-3": "Access enforcement is bypassed: a predictable reset code grants control of any account.",
+      "ISO-27001-2022-A.5.15": "Access control does not constrain the password-recovery path in the LLM app platform.",
+      "NIS2-Art21-identity-management": "Article 21 identity/access measures do not cover weak password-recovery in AI apps.",
+      "DORA-Art-9": "ICT protection measures do not model AI-app account takeover via password recovery as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no objective for secure password-recovery in AI app platforms.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM app platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM app platform's password-recovery flow as an authentication-integrity control whose failure yields full (admin) account takeover."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1212",
+      "T1078"
+    ],
+    "rwep_score": 44,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": 0,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Elevated (RWEP 44, \"patch within 7 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, and no fixed version published so no patch credit (Hard Rule #3). poc_available=20 + blast_radius=24 (full account/admin takeover). The weakness is in the password-recovery mechanism - predictable reset code.",
+    "epss_score": null,
+    "epss_date": "2026-05-26",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-1796",
+    "cwe_refs": [
+      "CWE-338",
+      "CWE-640"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Repeated Dify password-reset requests followed by reset attempts cycling through predictable code values.",
+        "Dify account passwords (including admin) changed without the legitimate owner initiating a reset.",
+        "Dify 0.10.1 with the password-reset flow reachable - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the huntr.dev advisory (https://github.com/advisories/GHSA-cvg9-334x-w586) and NVD CVE-2025-1796 (CWE-338/CWE-640)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-1796",
+      "https://github.com/advisories/GHSA-cvg9-334x-w586"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2025-1796",
+        "url": "https://github.com/advisories/GHSA-cvg9-334x-w586",
+        "severity": "high",
+        "published_date": "2025-03-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-1796",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1796",
+        "severity": "high",
+        "published_date": "2025-03-20"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from the huntr.dev advisory (https://github.com/advisories/GHSA-cvg9-334x-w586, CWE-338/CWE-640) + NVD (CVSS v3.1 8.8) / huntr (CNA 7.5). Dify LLM-app-platform password-recovery flaw; introduces the AI-app password-recovery-integrity control NEW-CTRL-108.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Dify generates password-reset codes with a weak PRNG (random.randint), so an attacker predicts the code and takes over any account incl. admin (CWE-338/CWE-640); no fixed version published - use a CSPRNG for reset tokens."
+  },
+  "CVE-2024-12776": {
+    "name": "Dify Unverified Password-Reset Endpoint Account Takeover",
+    "type": "Account Takeover",
+    "cvss_score": 8.1,
+    "cvss_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "huntr.dev (CNA) CVSS v3.0 base 8.1 (HIGH); NVD has not published its own assessed score. Dify's /forgot-password/resets endpoint does not verify the password-reset code before allowing the reset, so an attacker resets the password of any user - including administrators - and takes over the account (CWE-287 improper authentication; NVD classifies it CWE-305 authentication bypass by primary weakness; both map to the catalogued CWE-640 weak password-recovery mechanism).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing huntr.dev advisory (https://github.com/advisories/GHSA-g394-qpx6-x7rr): call /forgot-password/resets without a valid reset code to reset any user's password.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via huntr.dev (https://github.com/advisories/GHSA-g394-qpx6-x7rr). The abused surface is Dify, a widely used low-code LLM application-development platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is a weak password-recovery mechanism in an LLM app platform.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure; no confirmed in-the-wild exploitation reported as of curation. No fixed version is published, so exposed instances remain vulnerable.",
+    "affected": "Dify 0.10.1.",
+    "affected_versions": [
+      "Dify 0.10.1"
+    ],
+    "vector": "Dify's /forgot-password/resets endpoint does not verify the password-reset code before performing the reset, so an attacker resets the password of any user - including administrators - without possessing a valid reset code, taking over the account (CWE-287 / CWE-640). Disclosed via huntr.dev.",
+    "complexity": "high",
+    "complexity_notes": "huntr CNA AV:N / AC:H / PR:N - unauthenticated, but the reset flow requires some setup (AC:H); the takeover reaches admin.",
+    "patch_available": false,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "No fixed version is published as of curation; mitigation is replacing the reset-token generation with a CSPRNG and verifying the reset token server-side (see vendor_update_paths).",
+    "vendor_update_paths": [
+      "No fixed Dify release is published. Verify the password-reset code server-side before accepting a new password at /forgot-password/resets, bind the code to the requesting user and a short expiry, and invalidate it after use."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Identification/authentication is undermined: the LLM app's password-recovery flow lets an attacker authenticate as any user, including admin.",
+      "NIST-800-53-AC-3": "Access enforcement is bypassed: an unverified reset endpoint grants control of any account.",
+      "ISO-27001-2022-A.5.15": "Access control does not constrain the password-recovery path in the LLM app platform.",
+      "NIS2-Art21-identity-management": "Article 21 identity/access measures do not cover weak password-recovery in AI apps.",
+      "DORA-Art-9": "ICT protection measures do not model AI-app account takeover via password recovery as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no objective for secure password-recovery in AI app platforms.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM app platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM app platform's password-recovery flow as an authentication-integrity control whose failure yields full (admin) account takeover."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1078",
+      "T1556"
+    ],
+    "rwep_score": 44,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": 0,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Elevated (RWEP 44, \"patch within 7 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, and no fixed version published so no patch credit (Hard Rule #3). poc_available=20 + blast_radius=24 (full account/admin takeover). The weakness is in the password-recovery mechanism - unverified reset endpoint.",
+    "epss_score": null,
+    "epss_date": "2026-05-26",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-12776",
+    "cwe_refs": [
+      "CWE-287",
+      "CWE-640"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Dify /forgot-password/resets calls that succeed without a preceding valid reset-code issuance/verification.",
+        "Dify account passwords (including admin) changed without the legitimate owner initiating a reset.",
+        "Dify 0.10.1 with the password-reset flow reachable - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the huntr.dev advisory (https://github.com/advisories/GHSA-g394-qpx6-x7rr) and NVD CVE-2024-12776 (CWE-287/CWE-640; NVD CWE-305)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-12776",
+      "https://github.com/advisories/GHSA-g394-qpx6-x7rr"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2024-12776",
+        "url": "https://github.com/advisories/GHSA-g394-qpx6-x7rr",
+        "severity": "high",
+        "published_date": "2024-12-17"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-12776",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12776",
+        "severity": "high",
+        "published_date": "2024-12-17"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from the huntr.dev advisory (https://github.com/advisories/GHSA-g394-qpx6-x7rr, CWE-287/CWE-640; NVD assigns CWE-305, mapped to catalogued CWE-640) + huntr (CNA, CVSS v3.0 8.1; NVD unscored). Dify LLM-app-platform password-recovery flaw; introduces the AI-app password-recovery-integrity control NEW-CTRL-108.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Dify's /forgot-password/resets endpoint does not verify the reset code, letting an attacker reset any user's password incl. admin (CWE-287/CWE-640; NVD CWE-305); no fixed version published - verify the reset token server-side."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -717,6 +717,7 @@
       "CVE-2020-10148",
       "CVE-2021-32030",
       "CVE-2023-27351",
+      "CVE-2024-12776",
       "CVE-2024-1709",
       "CVE-2025-32975",
       "CVE-2025-3935",
@@ -1025,7 +1026,9 @@
       "CAPEC-485"
     ],
     "skills_referencing": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2025-1796"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SC-13"
     ],
@@ -3513,7 +3516,10 @@
       "CWE-2000"
     ],
     "related_weaknesses": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2024-12776",
+      "CVE-2025-1796"
+    ],
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,

package/data/framework-control-gaps.json

@@ -52,6 +52,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21575",
@@ -73,6 +74,7 @@
       "CVE-2024-9526",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-25297",
@@ -3875,8 +3877,10 @@
       "CVE-2023-48022",
       "CVE-2023-6019",
       "CVE-2023-6021",
+      "CVE-2024-12776",
       "CVE-2024-4889",
       "CVE-2024-6587",
+      "CVE-2025-1796",
       "CVE-2025-64513",
       "CVE-2026-24206",
       "CVE-2026-24207",
@@ -5114,6 +5118,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21513",
@@ -5137,6 +5142,7 @@
       "CVE-2024-9526",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-25297",
@@ -5225,7 +5231,9 @@
       "CVE-2023-43791",
       "CVE-2023-47117",
       "CVE-2023-6038",
+      "CVE-2024-12776",
       "CVE-2024-1709",
+      "CVE-2025-1796",
       "CVE-2025-25297",
       "CVE-2025-3248",
       "CVE-2025-3466",
@@ -5526,6 +5534,8 @@
       "CVE-2023-47117",
       "CVE-2023-6016",
       "CVE-2023-6038",
+      "CVE-2024-12776",
+      "CVE-2025-1796",
       "CVE-2025-3248",
       "CVE-2026-33017",
       "CVE-2026-6973"
@@ -5815,6 +5825,7 @@
       "CVE-2024-11393",
       "CVE-2024-11394",
       "CVE-2024-12366",
+      "CVE-2024-12776",
       "CVE-2024-13059",
       "CVE-2024-1561",
       "CVE-2024-21513",
@@ -5838,6 +5849,7 @@
       "CVE-2024-9526",
       "CVE-2025-1550",
       "CVE-2025-1753",
+      "CVE-2025-1796",
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-25297",
@@ -6097,6 +6109,8 @@
       "CVE-2023-47117",
       "CVE-2023-48022",
       "CVE-2023-6038",
+      "CVE-2024-12776",
+      "CVE-2025-1796",
       "CVE-2025-3248",
       "CVE-2025-55241",
       "CVE-2026-24206",
@@ -6173,10 +6187,12 @@
       "CVE-2023-6019",
       "CVE-2023-6021",
       "CVE-2023-6038",
+      "CVE-2024-12776",
       "CVE-2024-1709",
       "CVE-2024-2912",
       "CVE-2024-4889",
       "CVE-2024-6587",
+      "CVE-2025-1796",
       "CVE-2025-27520",
       "CVE-2025-3248",
       "CVE-2025-64513",

package/data/zeroday-lessons.json

@@ -4811,6 +4811,106 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2025-1796": {
+    "name": "Dify Weak-PRNG Password Reset Account Takeover",
+    "lesson_date": "2026-05-26",
+    "attack_vector": {
+      "description": "Dify generates password-reset codes with a weak PRNG (random.randint) rather than a cryptographically secure RNG, so an attacker predicts the reset code and takes over any account, including administrators.",
+      "privileges_required": "low (an account to trigger the predictable reset; takeover reaches admin)",
+      "complexity": "low",
+      "ai_factor": "The abused surface is Dify, a low-code LLM application-development platform. The lesson: an AI app's password-recovery flow is an authentication-integrity control - the predictable reset-code half of a takeover chain that ends in full admin control; reset tokens must be CSPRNG-generated AND verified server-side."
+    },
+    "framework_coverage": {
+      "NIST-800-53-IA-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "The LLM app's password-recovery flow lets an attacker authenticate as any user, including admin."
+      },
+      "NIST-800-53-AC-3": {
+        "covered": true,
+        "adequate": false,
+        "gap": "A predictable reset code grants control of any account."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an LLM app platform's password-recovery flow as an authentication-integrity control whose failure yields full account takeover."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 82,
+      "basis": "LLM app platforms ship self-service password recovery; reset-token generation and verification are rarely audited, and weak PRNG / missing verification persist.",
+      "theater_pattern": "ai_app_weak_password_recovery"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-108",
+        "name": "AI-APP-PASSWORD-RECOVERY-INTEGRITY",
+        "description": "An AI application's password-reset / account-recovery flow must (1) generate reset tokens with a cryptographically secure RNG (e.g. secrets / os.urandom - never random.randint or another predictable PRNG), making them long, single-use, and short-lived; and (2) verify the reset token server-side, bound to the requesting account, before accepting a new password - the reset endpoint must never perform a reset without a valid, matching, unexpired token. Rate-limit reset attempts. The distinguishing test: on a staging instance, request a reset and confirm the code is unpredictable across requests, and confirm POSTing to the reset endpoint with a wrong/absent code is rejected - an AI app whose recovery flow uses a weak PRNG or skips token verification permits takeover of any account, including administrators.",
+        "evidence": "https://github.com/advisories/GHSA-cvg9-334x-w586",
+        "gap_closes": [
+          "NIST-800-53-IA-2",
+          "NIST-800-53-AC-3",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2024-12776": {
+    "name": "Dify Unverified Password-Reset Endpoint Account Takeover",
+    "lesson_date": "2026-05-26",
+    "attack_vector": {
+      "description": "Dify's /forgot-password/resets endpoint does not verify the reset code before allowing a password reset, so an attacker resets any user's password (including admin) without a valid code.",
+      "privileges_required": "none (unauthenticated reset of any account)",
+      "complexity": "high",
+      "ai_factor": "The abused surface is Dify, a low-code LLM application-development platform. The lesson: an AI app's password-recovery flow is an authentication-integrity control - the unverified-reset-endpoint half of a takeover chain that ends in full admin control; reset tokens must be CSPRNG-generated AND verified server-side."
+    },
+    "framework_coverage": {
+      "NIST-800-53-IA-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "The LLM app's password-recovery flow lets an attacker authenticate as any user, including admin."
+      },
+      "NIST-800-53-AC-3": {
+        "covered": true,
+        "adequate": false,
+        "gap": "An unverified reset endpoint grants control of any account."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an LLM app platform's password-recovery flow as an authentication-integrity control whose failure yields full account takeover."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 82,
+      "basis": "LLM app platforms ship self-service password recovery; reset-token generation and verification are rarely audited, and weak PRNG / missing verification persist.",
+      "theater_pattern": "ai_app_weak_password_recovery"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-108",
+        "name": "AI-APP-PASSWORD-RECOVERY-INTEGRITY",
+        "description": "An AI application's password-reset / account-recovery flow must (1) generate reset tokens with a cryptographically secure RNG (e.g. secrets / os.urandom - never random.randint or another predictable PRNG), making them long, single-use, and short-lived; and (2) verify the reset token server-side, bound to the requesting account, before accepting a new password - the reset endpoint must never perform a reset without a valid, matching, unexpired token. Rate-limit reset attempts. The distinguishing test: on a staging instance, request a reset and confirm the code is unpredictable across requests, and confirm POSTing to the reset endpoint with a wrong/absent code is rejected - an AI app whose recovery flow uses a weak PRNG or skips token verification permits takeover of any account, including administrators.",
+        "evidence": "https://github.com/advisories/GHSA-g394-qpx6-x7rr",
+        "gap_closes": [
+          "NIST-800-53-IA-2",
+          "NIST-800-53-AC-3",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2025-56520": {
     "name": "Dify Remote File Upload Server-Side Request Forgery",
     "lesson_date": "2026-05-26",