@blamejs/exceptd-skills 0.13.122 → 0.13.124

package/data/atlas-ttps.json

@@ -1790,7 +1790,10 @@
       "CVE-2026-34159",
       "CVE-2026-41947",
       "CVE-2026-41950",
-      "CVE-2026-45829"
+      "CVE-2026-45829",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json

@@ -345,7 +345,9 @@
       "CVE-2025-68665",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2025-68668",
+      "CVE-2026-21858"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -561,7 +563,8 @@
       "CVE-2026-6973",
       "MAL-2026-NODE-IPC-STEALER",
       "MAL-2026-SHAI-HULUD-OSS",
-      "CVE-2025-69286"
+      "CVE-2025-69286",
+      "CVE-2026-21858"
     ],
     "description_full": "Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.(Citation: volexity_0day_sophos_FW) Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence. In some cases, adversaries may abuse inactive accounts: for example, those belonging to individuals who are no longer part of an organization. Using these accounts may allow the adversary to evade detection, as the original account user will not be present to identify any anomalous activity taking place on their account.(Citation: CISA MFA PrintNightmare) The overlap of permissions for local, domain, and cloud accounts across a network of systems is of concern because the adversary may be able to pivot across accounts and systems to reach a high level of access (i.e., domain or enterprise administrator) to bypass access controls set within the enterprise.(Citation: TechNet Credential Theft)",
     "platforms": [
@@ -1107,7 +1110,10 @@
       "CVE-2025-69286",
       "CVE-2026-22218",
       "CVE-2026-22219",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
     "platforms": [
@@ -1334,7 +1340,8 @@
     "cve_refs": [
       "CVE-2026-41950",
       "CVE-2024-12450",
-      "CVE-2026-22218"
+      "CVE-2026-22218",
+      "CVE-2026-21858"
     ]
   },
   "T1485": {

package/data/cve-catalog.json

@@ -39967,5 +39967,313 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "SGLang /v1/rerank renders a model-supplied jinja2 chat_template in a non-sandboxed Environment, so a malicious model achieves RCE (CWE-94); fix renders with ImmutableSandboxedEnvironment."
+  },
+  "CVE-2026-21858": {
+    "name": "n8n Form-Based Unauthenticated Arbitrary File Access",
+    "type": "Arbitrary File Access",
+    "cvss_score": 10,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 10.0 (CRITICAL, scope-changed). n8n versions 1.65.0 through < 1.121.0 allow an unauthenticated attacker to access files on the underlying server through the execution of certain form-based actions, with no input validation confining the accessed path (CWE-20 improper input validation). The public exploit chains beyond file read: on a locally deployed instance with a readable DB/config it reads the credentials, forges an admin session, then creates a workflow using the Execute Command node to run host commands - i.e. unauthenticated file read escalating to remote code execution.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing GitHub Security Advisory: unauthenticated form-based requests reach a file-access path on the n8n server.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory and enriched by NVD. The abused surface is n8n, a widely deployed workflow-automation / AI-workflow platform (>100k internet-reachable instances reported).",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is missing input validation on a form-based action that reaches a server file-access path.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog). FIRST EPSS percentile is elevated (91st).",
+    "affected": "n8n 1.65.0 through versions before 1.121.0.",
+    "affected_versions": [
+      "n8n >= 1.65.0, < 1.121.0"
+    ],
+    "vector": "n8n exposes form-based actions that reach a file-access path on the underlying server without authentication or path confinement, so an unauthenticated attacker accesses arbitrary server files (CWE-20 improper input validation); the scope-changed CVSS reflects reaching resources beyond the application boundary. Where the local database/config is readable, the public exploit chains this into full host RCE: read the DB/config, forge an authenticated admin session, then create a workflow whose Execute Command node runs arbitrary host commands.",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:N / UI:N - unauthenticated form-based request.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to n8n 1.121.0 or later; redeploy the instance and ensure it is not exposed unauthenticated to untrusted networks.",
+    "vendor_update_paths": [
+      "Upgrade n8n to 1.121.0 or later. Authenticate form-based actions, validate and confine any file path they reach, and do not expose the n8n instance to untrusted networks."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-10": "No input validation confines the file path reached by the form-based action (CWE-20).",
+      "NIST-800-53-AC-3": "Access enforcement does not require authentication on a path that reaches server files.",
+      "ISO-27001-2022-A.8.28": "Secure coding does not require validation/confinement of file paths reached by form actions.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model a workflow-automation platform's form actions as an unauthenticated file-access surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated file access in an AI-workflow platform as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authentication + path confinement on workflow-platform form actions.",
+      "AU-ISM-1546": "Patch-application control does not single out AI-workflow / automation platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats a workflow-automation platform's form-action file path as an integrity boundary requiring auth + confinement."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1213",
+      "T1078",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 1.121.0 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-10.0 arbitrary file read that the public exploit chains into admin-session forgery + Execute Command host RCE on locally deployed instances; >100k internet-reachable instances; elevated EPSS), minus patch_available 15.",
+    "epss_score": 0.06939,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.06939 (91st percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-21858",
+    "cwe_refs": [
+      "CWE-20"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated n8n form-based requests that reference server file paths (../ traversal or absolute paths).",
+        "n8n returning contents of server files (config, .env, credentials) to unauthenticated callers.",
+        "n8n 1.65.0-1.120.x reachable unauthenticated on the network - the exposed precondition.",
+        "n8n workflows created shortly after an unauthenticated file-read that use the Execute Command node to run host commands.",
+        "Admin/authenticated sessions appearing without a corresponding login, consistent with a forged session derived from a leaked DB/config."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the n8n GitHub Security Advisory and NVD CVE-2026-21858 (CWE-20)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-21858"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2026-21858",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21858",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-21858",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21858",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-21858 (CWE-20) + the n8n GitHub Security Advisory (CNA, CVSS v3.1 10.0). n8n workflow-automation unauthenticated file access via form actions; reuses the AI-runtime-API path-traversal validation control NEW-CTRL-094.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "n8n 1.65.0-1.120.x lets an unauthenticated attacker access server files via form-based actions without path confinement (CWE-20); fixed in 1.121.0."
+  },
+  "CVE-2025-68668": {
+    "name": "n8n Python Code Node Pyodide Sandbox Bypass RCE",
+    "type": "Sandbox Escape",
+    "cvss_score": 9.9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "GitHub (CNA) / NVD CVSS v3.1 base 9.9 (CRITICAL, scope-changed). n8n's Python Code Node runs user code in a Pyodide sandbox, but an authenticated user with permission to edit workflows bypasses the sandbox and executes code with host privileges (CWE-693 protection mechanism failure).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing GitHub Security Advisory: a crafted Python Code Node escapes the Pyodide sandbox to the host.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory and enriched by NVD. The abused surface is n8n's Python Code Node (Pyodide), in a widely deployed AI-workflow / automation platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is a sandbox-bypass (protection-mechanism failure) in a visual workflow builder's code-execution node.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "affected": "n8n 1.0.0 up to before 2.0.0 (Python Code Node / Pyodide).",
+    "affected_versions": [
+      "n8n >= 1.0.0, < 2.0.0"
+    ],
+    "vector": "n8n's Python Code Node executes user-supplied code inside a Pyodide sandbox, but the sandbox is bypassable, so an authenticated user with workflow-edit permission escapes it and runs code with the privileges of the n8n process (CWE-693 protection mechanism failure) - a code-node sandbox escape.",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:L - an authenticated user who can edit a workflow.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to n8n 2.0.0 or later; redeploy the instance.",
+    "vendor_update_paths": [
+      "Upgrade n8n to 2.0.0 or later. Treat the code node as a code-execution sink: run it in a hardened sandbox with no host filesystem/network/process access, restrict who can edit workflows, and never expose the editor to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-AC-3": "Access enforcement does not contain the code node to its sandbox - an editor escapes to host privileges.",
+      "NIST-800-53-SI-3": "Malicious-code protection does not stop a sandbox-bypass in the workflow builder's code node.",
+      "NIST-800-53-SC-39": "Process isolation does not confine the Pyodide-sandboxed code node from the host process.",
+      "ISO-27001-2022-A.8.28": "Secure coding does not guarantee the code-node sandbox is non-bypassable.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model a workflow builder's code node as a sandbox-escape RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model code-node sandbox escape in an AI-workflow platform as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for non-bypassable code-node sandboxing in workflow platforms.",
+      "AU-ISM-1546": "Patch-application control does not single out AI-workflow / automation platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats a visual workflow builder's code node as a code-execution sink requiring a non-bypassable sandbox."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Moderate-high (RWEP 27, \"patch within 30 days\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 2.0.0 (Hard Rule #3): poc_available=20 + blast_radius=22 (authenticated code-node sandbox escape to host RCE in a widely deployed workflow builder), minus patch_available 15.",
+    "epss_score": 0.00035,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.00035 (10th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-68668",
+    "cwe_refs": [
+      "CWE-693"
+    ],
+    "iocs": {
+      "behavioral": [
+        "n8n Python Code Node workflows containing Pyodide escape patterns (reaching the host filesystem / process from inside the sandbox).",
+        "Process execution / host access by the n8n process originating from a Python Code Node run.",
+        "n8n 1.x (< 2.0.0) with the Python Code Node enabled for users who can edit workflows - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the n8n GitHub Security Advisory and NVD CVE-2025-68668 (CWE-693)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-68668"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2025-68668",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68668",
+        "severity": "critical",
+        "published_date": "2025-12-19"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-68668",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68668",
+        "severity": "critical",
+        "published_date": "2025-12-19"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-68668 (CWE-693) + the n8n GitHub Security Advisory (CNA, CVSS v3.1 9.9). n8n Python Code Node Pyodide sandbox bypass; reuses the AI-app-builder execution-endpoint auth-and-sandbox control NEW-CTRL-103 (shared with the Dify code-node escape and Langflow/Flowise RCEs).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "n8n's Python Code Node Pyodide sandbox is bypassable, so an authenticated workflow editor runs code with host privileges (CWE-693); fixed in 2.0.0."
+  },
+  "CVE-2024-31462": {
+    "name": "stable-diffusion-webui Backup/Restore Limited File Write (Path Traversal)",
+    "type": "Path Traversal",
+    "cvss_score": 6.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 6.3 (MEDIUM). stable-diffusion-webui 1.7.0's Backup/Restore tab (modules/ui_extensions.py save_config_state) builds a file path from an unvalidated user-supplied filename and opens it for writing, yielding a limited file write (JSON files to arbitrary locations) exploitable on Windows (CWE-22 path traversal). Disclosed as GHSL-2024-010; the CVE/OSV record marks releases through 1.8.0 as affected (the advisory tested 1.7.0).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the GitHub Security Lab advisory GHSL-2024-010: a crafted config-state name in the Backup/Restore tab writes a JSON file outside the intended directory on Windows.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by GitHub Security Lab (GHSL-2024-010) and enriched by NVD. The abused surface is AUTOMATIC1111 stable-diffusion-webui, the most widely deployed Stable Diffusion web UI (Gradio-based).",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is missing filename validation in an image-generation web UI's backup/restore feature.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub Security Lab advisory with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "affected": "stable-diffusion-webui 1.7.0 through 1.8.0 (Windows; Backup/Restore tab). The GitHub Security Lab advisory tested 1.7.0, but the CVE/OSV record marks releases beyond 1.7.0 (including 1.8.0) as affected; fixed by commit d9708c92b444894bce8070e4dcfaa093f8eb8d43.",
+    "affected_versions": [
+      "stable-diffusion-webui 1.7.0 - 1.8.0"
+    ],
+    "vector": "stable-diffusion-webui's Backup/Restore tab (save_config_state in modules/ui_extensions.py) constructs a file path from an unvalidated user-supplied config-state name and opens it for writing, so a user supplies a traversal/absolute path and writes a JSON file to an arbitrary location on a Windows host (CWE-22 limited file write).",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:L - a user interacting with the web UI's Backup/Restore tab; impact limited to JSON file writes on Windows.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to a build containing fix commit d9708c92b444894bce8070e4dcfaa093f8eb8d43; 1.8.0 is still affected, so do not assume it is fixed. Redeploy after upgrade.",
+    "vendor_update_paths": [
+      "Upgrade stable-diffusion-webui to a build containing the GHSL-2024-010 fix (commit d9708c92b444894bce8070e4dcfaa093f8eb8d43) - 1.8.0 remains affected, so upgrading from 1.7.0 to 1.8.0 is NOT sufficient. Validate and confine the Backup/Restore config-state filename to the intended directory, and do not expose the web UI to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-10": "No input validation confines the config-state filename before the file is opened for writing (CWE-22).",
+      "NIST-800-53-AC-3": "Access enforcement does not confine the write to the intended directory.",
+      "ISO-27001-2022-A.8.28": "Secure coding does not require canonicalization/confinement of the user-supplied backup filename.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an image-generation web UI's backup feature as a file-write surface.",
+      "DORA-Art-9": "ICT protection measures do not model limited file write in an AI image-gen UI as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for path confinement on AI web-UI file features.",
+      "AU-ISM-1546": "Patch-application control does not single out AI image-generation web UIs.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an AI web UI's user-supplied file path as an integrity boundary requiring confinement."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190"
+    ],
+    "rwep_score": 17,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 12,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Moderate (RWEP 17, \"patch within 30 days\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, fixed by commit d9708c92 (1.7.0-1.8.0 affected) (Hard Rule #3): poc_available=20 + blast_radius=12 (limited JSON file write, authenticated, Windows-only, in the most widely deployed Stable Diffusion web UI), minus patch_available 15.",
+    "epss_score": 0.00245,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.00245 as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-31462",
+    "cwe_refs": [
+      "CWE-22"
+    ],
+    "iocs": {
+      "behavioral": [
+        "stable-diffusion-webui Backup/Restore (save_config_state) requests whose config-state name contains ../ traversal or an absolute Windows path.",
+        "Unexpected JSON files written outside the webui directory on a Windows host running stable-diffusion-webui.",
+        "stable-diffusion-webui 1.7.0 through 1.8.0 on Windows exposed to users who can reach the Backup/Restore tab - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GitHub Security Lab GHSL-2024-010 and NVD CVE-2024-31462 (CWE-22)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-31462",
+      "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Lab",
+        "advisory_id": "GHSL-2024-010",
+        "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
+        "severity": "medium",
+        "published_date": "2024-04-24"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-31462",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31462",
+        "severity": "medium",
+        "published_date": "2024-04-24"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2024-31462 (CWE-22) + GitHub Security Lab GHSL-2024-010. AUTOMATIC1111 stable-diffusion-webui Backup/Restore limited file write; reuses the AI-runtime-API path-traversal validation control NEW-CTRL-094 (shared with the AnythingLLM upload traversal, Chainlit element read, ONNX model overwrite, and n8n form-action file access).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "stable-diffusion-webui (1.7.0 through 1.8.0) Backup/Restore builds a write path from an unvalidated filename, yielding a limited file write on Windows (CWE-22); fixed by commit d9708c92."
   }
 }

package/data/cwe-catalog.json

@@ -56,7 +56,8 @@
       "CVE-2026-32201",
       "CVE-2026-34197",
       "CVE-2026-6973",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-21858"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -116,7 +117,8 @@
       "CVE-2026-25592",
       "CVE-2026-34926",
       "CVE-2026-22218",
-      "CVE-2025-51480"
+      "CVE-2025-51480",
+      "CVE-2024-31462"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-AC-3",
@@ -2197,7 +2199,8 @@
       "CVE-2025-3466",
       "CVE-2025-40536",
       "CVE-2026-21510",
-      "CVE-2026-21513"
+      "CVE-2026-21513",
+      "CVE-2025-68668"
     ],
     "last_verified": "2026-05-18",
     "notes": "Added v0.13.17 to back the UnDefend Defender update-disruption entry. CWE-693 is the canonical parent for failures-of-protection-mechanism — Defender continues running but its update mechanism has been corrupted, so the AV protection-mechanism fails silently while the host still passes 'is Defender running?' health checks."

package/data/framework-control-gaps.json

@@ -123,7 +123,10 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0018",
@@ -1321,7 +1324,10 @@
       "CVE-2026-22218",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0051",
@@ -2270,7 +2276,8 @@
     "evidence_cves": [
       "CVE-2024-21626",
       "CVE-2025-22224",
-      "CVE-2025-22225"
+      "CVE-2025-22225",
+      "CVE-2025-68668"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -2443,7 +2450,9 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0053"
@@ -2896,7 +2905,8 @@
       "CVE-2026-22778",
       "CVE-2026-32202",
       "CVE-2026-33017",
-      "CVE-2026-33825"
+      "CVE-2026-33825",
+      "CVE-2025-68668"
     ],
     "atlas_refs": [
       "AML.T0017"
@@ -5234,7 +5244,10 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5286,7 +5299,10 @@
       "CVE-2026-7482",
       "CVE-2025-69286",
       "CVE-2026-22218",
-      "CVE-2026-22219"
+      "CVE-2026-22219",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0051"
@@ -5832,7 +5848,10 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5962,7 +5981,10 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -6390,7 +6412,10 @@
       "CVE-2026-22219",
       "CVE-2025-51480",
       "CVE-2025-10164",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21858",
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [],
     "attack_refs": [