@blamejs/exceptd-skills 0.13.124 → 0.13.125

package/data/atlas-ttps.json

@@ -1793,7 +1793,9 @@
       "CVE-2026-45829",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json

@@ -347,7 +347,9 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2025-68668",
-      "CVE-2026-21858"
+      "CVE-2026-21858",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -1113,7 +1115,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
     "platforms": [

package/data/cve-catalog.json

@@ -40275,5 +40275,209 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "stable-diffusion-webui (1.7.0 through 1.8.0) Backup/Restore builds a write path from an unvalidated filename, yielding a limited file write on Windows (CWE-22); fixed by commit d9708c92."
+  },
+  "CVE-2026-3059": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Multimodal-Generation ZMQ Broker Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's multimodal generation module exposes a ZMQ broker that deserializes untrusted serialized objects from unauthenticated peers (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory (https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr) and the Orca Security writeup: an unauthenticated serialized-object message to the multimodal ZMQ broker executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory GHSA-3cp7-c6q2-94xr and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (multimodal generation module ZMQ broker).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's multimodal generation module runs a ZMQ broker (scheduler_client.py) that deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for IPC, never deserialize untrusted serialized objects, authenticate ZMQ peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3059",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang multimodal generation ZMQ broker from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a multimodal ZMQ message.",
+        "SGLang < 0.5.10 with the multimodal generation ZMQ channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GHSA-3cp7-c6q2-94xr and NVD CVE-2026-3059 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+      "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-3cp7-c6q2-94xr",
+        "url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3059",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3059 (CWE-502) + GitHub Security Advisory GHSA-3cp7-c6q2-94xr + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (multimodal ZMQ broker); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086 (shared with the vLLM ZeroMQ-transport and TensorRT-LLM deserialization class).",
+    "_kev_short_description": "SGLang's multimodal ZMQ broker deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
+  },
+  "CVE-2026-3060": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Encoder-Parallel Disaggregation Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's encoder parallel disaggregation system deserializes untrusted serialized objects from unauthenticated peers in the disaggregation module (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory and the Orca Security writeup: an unauthenticated serialized-object message to the disaggregation module (encode_receiver.py) executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory (PR #20904) and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (encoder parallel disaggregation module).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's encoder parallel disaggregation system (encode_receiver.py) deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the disaggregation channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for the disaggregation IPC, never deserialize untrusted serialized objects, authenticate peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3060",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang encoder-parallel disaggregation channel from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a disaggregation-module message.",
+        "SGLang < 0.5.10 with the disaggregation channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the SGLang advisory (PR #20904) and NVD CVE-2026-3060 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+      "https://github.com/sgl-project/sglang/pull/20904"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3060 (CWE-502) + the SGLang fix (PR #20904) + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (encoder-parallel disaggregation); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086.",
+    "_kev_short_description": "SGLang's encoder-parallel disaggregation module deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
   }
 }

package/data/cwe-catalog.json

@@ -1380,7 +1380,9 @@
       "CVE-2026-20963",
       "CVE-2026-31229",
       "CVE-2025-68665",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",

package/data/framework-control-gaps.json

@@ -126,7 +126,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [
       "AML.T0018",
@@ -1714,7 +1716,9 @@
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-5281",
-      "CVE-2026-9082"
+      "CVE-2026-9082",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -2330,7 +2334,9 @@
       "CVE-2026-42897",
       "CVE-2024-12450",
       "CVE-2026-22219",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [
       "AML.T0096",
@@ -2860,7 +2866,9 @@
       "CVE-2026-5281",
       "CVE-2026-6973",
       "CVE-2026-9082",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5247,7 +5255,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5851,7 +5861,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5984,7 +5996,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -6415,7 +6429,9 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [

package/data/zeroday-lessons.json

@@ -17596,5 +17596,105 @@
     ],
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-3059": {
+    "name": "SGLang Multimodal-Generation ZMQ Broker Unauthenticated Deserialization RCE",
+    "lesson_date": "2026-05-26",
+    "attack_vector": {
+      "description": "An unauthenticated peer reaches an SGLang IPC/ZMQ channel that deserializes untrusted serialized objects, executing arbitrary code on the serving host.",
+      "privileges_required": "none (unauthenticated peer reaching the IPC channel)",
+      "complexity": "low",
+      "ai_factor": "The abused surface is SGLang, an LLM serving framework. The lesson: inter-process channels in inference engines must use a safe serializer + peer authentication and be isolated - never deserialize untrusted objects."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Flaw-remediation does not single out unsafe IPC deserialization spreading by code reuse across engines."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an inference engine's IPC channel as an integrity boundary requiring a safe serializer + peer auth."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 83,
+      "basis": "Inference engines wire inter-process channels with object-deserializing transports on trusted-network assumptions; peer authentication + safe serialization are rarely audited.",
+      "theater_pattern": "ai_inference_ipc_unsafe_deserialization"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer (e.g. JSON) for IPC/socket/ZMQ communication, never deserialize untrusted serialized objects, authenticate socket peers, and isolate the channel on a trusted network segment. Because the insecure primitive spreads by code reuse, apply the control across every inference engine in the estate. The distinguishing test: send a crafted serialized object to the inference engine's IPC socket from an unauthorized peer on a staging instance and confirm it is rejected, not deserialized.",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ],
+        "evidence": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-3060": {
+    "name": "SGLang Encoder-Parallel Disaggregation Unauthenticated Deserialization RCE",
+    "lesson_date": "2026-05-26",
+    "attack_vector": {
+      "description": "An unauthenticated peer reaches an SGLang IPC/ZMQ channel that deserializes untrusted serialized objects, executing arbitrary code on the serving host.",
+      "privileges_required": "none (unauthenticated peer reaching the IPC channel)",
+      "complexity": "low",
+      "ai_factor": "The abused surface is SGLang, an LLM serving framework. The lesson: inter-process channels in inference engines must use a safe serializer + peer authentication and be isolated - never deserialize untrusted objects."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Flaw-remediation does not single out unsafe IPC deserialization spreading by code reuse across engines."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats an inference engine's IPC channel as an integrity boundary requiring a safe serializer + peer auth."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 83,
+      "basis": "Inference engines wire inter-process channels with object-deserializing transports on trusted-network assumptions; peer authentication + safe serialization are rarely audited.",
+      "theater_pattern": "ai_inference_ipc_unsafe_deserialization"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer (e.g. JSON) for IPC/socket/ZMQ communication, never deserialize untrusted serialized objects, authenticate socket peers, and isolate the channel on a trusted network segment. Because the insecure primitive spreads by code reuse, apply the control across every inference engine in the estate. The distinguishing test: send a crafted serialized object to the inference engine's IPC socket from an unauthorized peer on a staging instance and confirm it is rejected, not deserialized.",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ],
+        "evidence": "https://github.com/sgl-project/sglang/pull/20904"
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
   }
 }