@blamejs/exceptd-skills 0.13.123 → 0.13.125

package/data/atlas-ttps.json

@@ -1792,7 +1792,10 @@
       "CVE-2026-41950",
       "CVE-2026-45829",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json

@@ -347,7 +347,9 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2025-68668",
-      "CVE-2026-21858"
+      "CVE-2026-21858",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -1112,7 +1114,10 @@
       "CVE-2026-22219",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
     "platforms": [

package/data/cve-catalog.json

@@ -40174,5 +40174,310 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "n8n's Python Code Node Pyodide sandbox is bypassable, so an authenticated workflow editor runs code with host privileges (CWE-693); fixed in 2.0.0."
+  },
+  "CVE-2024-31462": {
+    "name": "stable-diffusion-webui Backup/Restore Limited File Write (Path Traversal)",
+    "type": "Path Traversal",
+    "cvss_score": 6.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 6.3 (MEDIUM). stable-diffusion-webui 1.7.0's Backup/Restore tab (modules/ui_extensions.py save_config_state) builds a file path from an unvalidated user-supplied filename and opens it for writing, yielding a limited file write (JSON files to arbitrary locations) exploitable on Windows (CWE-22 path traversal). Disclosed as GHSL-2024-010; the CVE/OSV record marks releases through 1.8.0 as affected (the advisory tested 1.7.0).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the GitHub Security Lab advisory GHSL-2024-010: a crafted config-state name in the Backup/Restore tab writes a JSON file outside the intended directory on Windows.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by GitHub Security Lab (GHSL-2024-010) and enriched by NVD. The abused surface is AUTOMATIC1111 stable-diffusion-webui, the most widely deployed Stable Diffusion web UI (Gradio-based).",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is missing filename validation in an image-generation web UI's backup/restore feature.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub Security Lab advisory with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "affected": "stable-diffusion-webui 1.7.0 through 1.8.0 (Windows; Backup/Restore tab). The GitHub Security Lab advisory tested 1.7.0, but the CVE/OSV record marks releases beyond 1.7.0 (including 1.8.0) as affected; fixed by commit d9708c92b444894bce8070e4dcfaa093f8eb8d43.",
+    "affected_versions": [
+      "stable-diffusion-webui 1.7.0 - 1.8.0"
+    ],
+    "vector": "stable-diffusion-webui's Backup/Restore tab (save_config_state in modules/ui_extensions.py) constructs a file path from an unvalidated user-supplied config-state name and opens it for writing, so a user supplies a traversal/absolute path and writes a JSON file to an arbitrary location on a Windows host (CWE-22 limited file write).",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:L - a user interacting with the web UI's Backup/Restore tab; impact limited to JSON file writes on Windows.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to a build containing fix commit d9708c92b444894bce8070e4dcfaa093f8eb8d43; 1.8.0 is still affected, so do not assume it is fixed. Redeploy after upgrade.",
+    "vendor_update_paths": [
+      "Upgrade stable-diffusion-webui to a build containing the GHSL-2024-010 fix (commit d9708c92b444894bce8070e4dcfaa093f8eb8d43) - 1.8.0 remains affected, so upgrading from 1.7.0 to 1.8.0 is NOT sufficient. Validate and confine the Backup/Restore config-state filename to the intended directory, and do not expose the web UI to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-10": "No input validation confines the config-state filename before the file is opened for writing (CWE-22).",
+      "NIST-800-53-AC-3": "Access enforcement does not confine the write to the intended directory.",
+      "ISO-27001-2022-A.8.28": "Secure coding does not require canonicalization/confinement of the user-supplied backup filename.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an image-generation web UI's backup feature as a file-write surface.",
+      "DORA-Art-9": "ICT protection measures do not model limited file write in an AI image-gen UI as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for path confinement on AI web-UI file features.",
+      "AU-ISM-1546": "Patch-application control does not single out AI image-generation web UIs.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an AI web UI's user-supplied file path as an integrity boundary requiring confinement."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190"
+    ],
+    "rwep_score": 17,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 12,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Moderate (RWEP 17, \"patch within 30 days\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, fixed by commit d9708c92 (1.7.0-1.8.0 affected) (Hard Rule #3): poc_available=20 + blast_radius=12 (limited JSON file write, authenticated, Windows-only, in the most widely deployed Stable Diffusion web UI), minus patch_available 15.",
+    "epss_score": 0.00245,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.00245 as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-31462",
+    "cwe_refs": [
+      "CWE-22"
+    ],
+    "iocs": {
+      "behavioral": [
+        "stable-diffusion-webui Backup/Restore (save_config_state) requests whose config-state name contains ../ traversal or an absolute Windows path.",
+        "Unexpected JSON files written outside the webui directory on a Windows host running stable-diffusion-webui.",
+        "stable-diffusion-webui 1.7.0 through 1.8.0 on Windows exposed to users who can reach the Backup/Restore tab - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GitHub Security Lab GHSL-2024-010 and NVD CVE-2024-31462 (CWE-22)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-31462",
+      "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Lab",
+        "advisory_id": "GHSL-2024-010",
+        "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
+        "severity": "medium",
+        "published_date": "2024-04-24"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-31462",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31462",
+        "severity": "medium",
+        "published_date": "2024-04-24"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2024-31462 (CWE-22) + GitHub Security Lab GHSL-2024-010. AUTOMATIC1111 stable-diffusion-webui Backup/Restore limited file write; reuses the AI-runtime-API path-traversal validation control NEW-CTRL-094 (shared with the AnythingLLM upload traversal, Chainlit element read, ONNX model overwrite, and n8n form-action file access).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "stable-diffusion-webui (1.7.0 through 1.8.0) Backup/Restore builds a write path from an unvalidated filename, yielding a limited file write on Windows (CWE-22); fixed by commit d9708c92."
+  },
+  "CVE-2026-3059": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Multimodal-Generation ZMQ Broker Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's multimodal generation module exposes a ZMQ broker that deserializes untrusted serialized objects from unauthenticated peers (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory (https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr) and the Orca Security writeup: an unauthenticated serialized-object message to the multimodal ZMQ broker executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory GHSA-3cp7-c6q2-94xr and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (multimodal generation module ZMQ broker).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's multimodal generation module runs a ZMQ broker (scheduler_client.py) that deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for IPC, never deserialize untrusted serialized objects, authenticate ZMQ peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3059",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang multimodal generation ZMQ broker from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a multimodal ZMQ message.",
+        "SGLang < 0.5.10 with the multimodal generation ZMQ channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GHSA-3cp7-c6q2-94xr and NVD CVE-2026-3059 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+      "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-3cp7-c6q2-94xr",
+        "url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3059",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3059 (CWE-502) + GitHub Security Advisory GHSA-3cp7-c6q2-94xr + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (multimodal ZMQ broker); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086 (shared with the vLLM ZeroMQ-transport and TensorRT-LLM deserialization class).",
+    "_kev_short_description": "SGLang's multimodal ZMQ broker deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
+  },
+  "CVE-2026-3060": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Encoder-Parallel Disaggregation Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's encoder parallel disaggregation system deserializes untrusted serialized objects from unauthenticated peers in the disaggregation module (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory and the Orca Security writeup: an unauthenticated serialized-object message to the disaggregation module (encode_receiver.py) executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory (PR #20904) and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (encoder parallel disaggregation module).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's encoder parallel disaggregation system (encode_receiver.py) deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the disaggregation channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for the disaggregation IPC, never deserialize untrusted serialized objects, authenticate peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3060",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang encoder-parallel disaggregation channel from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a disaggregation-module message.",
+        "SGLang < 0.5.10 with the disaggregation channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the SGLang advisory (PR #20904) and NVD CVE-2026-3060 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+      "https://github.com/sgl-project/sglang/pull/20904"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3060 (CWE-502) + the SGLang fix (PR #20904) + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (encoder-parallel disaggregation); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086.",
+    "_kev_short_description": "SGLang's encoder-parallel disaggregation module deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
   }
 }

package/data/cwe-catalog.json

@@ -117,7 +117,8 @@
       "CVE-2026-25592",
       "CVE-2026-34926",
       "CVE-2026-22218",
-      "CVE-2025-51480"
+      "CVE-2025-51480",
+      "CVE-2024-31462"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-AC-3",
@@ -1379,7 +1380,9 @@
       "CVE-2026-20963",
       "CVE-2026-31229",
       "CVE-2025-68665",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",

package/data/framework-control-gaps.json

@@ -125,7 +125,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [
       "AML.T0018",
@@ -1325,7 +1328,8 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0051",
@@ -1712,7 +1716,9 @@
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-5281",
-      "CVE-2026-9082"
+      "CVE-2026-9082",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -2328,7 +2334,9 @@
       "CVE-2026-42897",
       "CVE-2024-12450",
       "CVE-2026-22219",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [
       "AML.T0096",
@@ -2449,7 +2457,8 @@
       "CVE-2025-51480",
       "CVE-2025-10164",
       "CVE-2026-5760",
-      "CVE-2026-21858"
+      "CVE-2026-21858",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0053"
@@ -2857,7 +2866,9 @@
       "CVE-2026-5281",
       "CVE-2026-6973",
       "CVE-2026-9082",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5243,7 +5254,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5297,7 +5311,8 @@
       "CVE-2026-22218",
       "CVE-2026-22219",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462"
     ],
     "atlas_refs": [
       "AML.T0051"
@@ -5845,7 +5860,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5977,7 +5995,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -6407,7 +6428,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [