@blamejs/exceptd-skills 0.13.124 → 0.13.126

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +9 -9
  3. package/data/_indexes/activity-feed.json +2 -2
  4. package/data/_indexes/catalog-summaries.json +2 -2
  5. package/data/_indexes/chains.json +1035 -0
  6. package/data/atlas-ttps.json +4 -1
  7. package/data/attack-techniques.json +8 -2
  8. package/data/cve-catalog.json +308 -0
  9. package/data/cwe-catalog.json +7 -3
  10. package/data/framework-control-gaps.json +37 -12
  11. package/data/zeroday-lessons.json +150 -0
  12. package/manifest.json +44 -44
  13. package/package.json +1 -1
  14. package/sbom.cdx.json +24 -24
package/data/_indexes/chains.json CHANGED
@@ -76228,6 +76228,1000 @@
76228
76228
  ]
76229
76229
  }
76230
76230
  },
76231
+ "CVE-2026-3059": {
76232
+ "name": "SGLang Multimodal-Generation ZMQ Broker Unauthenticated Deserialization RCE",
76233
+ "rwep": 31,
76234
+ "cvss": 9.8,
76235
+ "cisa_kev": false,
76236
+ "epss_score": 0.01945,
76237
+ "referencing_skills": [
76238
+ "kernel-lpe-triage",
76239
+ "ai-attack-surface",
76240
+ "compliance-theater",
76241
+ "ai-c2-detection",
76242
+ "dlp-gap-analysis",
76243
+ "coordinated-vuln-disclosure"
76244
+ ],
76245
+ "chain": {
76246
+ "cwes": [
76247
+ {
76248
+ "id": "CWE-1039",
76249
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
76250
+ "category": "AI/ML"
76251
+ },
76252
+ {
76253
+ "id": "CWE-125",
76254
+ "name": "Out-of-bounds Read",
76255
+ "category": "Memory Safety"
76256
+ },
76257
+ {
76258
+ "id": "CWE-1357",
76259
+ "name": "Reliance on Insufficiently Trustworthy Component",
76260
+ "category": "Supply Chain"
76261
+ },
76262
+ {
76263
+ "id": "CWE-1426",
76264
+ "name": "Improper Validation of Generative AI Output",
76265
+ "category": "AI/ML"
76266
+ },
76267
+ {
76268
+ "id": "CWE-200",
76269
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
76270
+ "category": "Information Exposure"
76271
+ },
76272
+ {
76273
+ "id": "CWE-362",
76274
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
76275
+ "category": "Concurrency"
76276
+ },
76277
+ {
76278
+ "id": "CWE-416",
76279
+ "name": "Use After Free",
76280
+ "category": "Memory Safety"
76281
+ },
76282
+ {
76283
+ "id": "CWE-672",
76284
+ "name": "Operation on a Resource after Expiration or Release",
76285
+ "category": "Memory Safety"
76286
+ },
76287
+ {
76288
+ "id": "CWE-787",
76289
+ "name": "Out-of-bounds Write",
76290
+ "category": "Memory Safety"
76291
+ },
76292
+ {
76293
+ "id": "CWE-94",
76294
+ "name": "Improper Control of Generation of Code (Code Injection)",
76295
+ "category": "Injection"
76296
+ }
76297
+ ],
76298
+ "atlas": [
76299
+ {
76300
+ "id": "AML.T0016",
76301
+ "name": "Obtain Capabilities: Develop Capabilities",
76302
+ "tactic": "Resource Development"
76303
+ },
76304
+ {
76305
+ "id": "AML.T0017",
76306
+ "name": "Discover ML Model Ontology",
76307
+ "tactic": "Discovery"
76308
+ },
76309
+ {
76310
+ "id": "AML.T0018",
76311
+ "name": "Backdoor ML Model",
76312
+ "tactic": "Persistence"
76313
+ },
76314
+ {
76315
+ "id": "AML.T0020",
76316
+ "name": "Poison Training Data",
76317
+ "tactic": "ML Attack Staging"
76318
+ },
76319
+ {
76320
+ "id": "AML.T0043",
76321
+ "name": "Craft Adversarial Data",
76322
+ "tactic": "ML Attack Staging"
76323
+ },
76324
+ {
76325
+ "id": "AML.T0051",
76326
+ "name": "LLM Prompt Injection",
76327
+ "tactic": "Execution"
76328
+ },
76329
+ {
76330
+ "id": "AML.T0054",
76331
+ "name": "LLM Jailbreak",
76332
+ "tactic": "Defense Evasion"
76333
+ },
76334
+ {
76335
+ "id": "AML.T0096",
76336
+ "name": "AI API as Covert C2 Channel",
76337
+ "tactic": "Command and Control"
76338
+ }
76339
+ ],
76340
+ "d3fend": [
76341
+ {
76342
+ "id": "D3-ASLR",
76343
+ "name": "Address Space Layout Randomization",
76344
+ "tactic": "Harden"
76345
+ },
76346
+ {
76347
+ "id": "D3-CA",
76348
+ "name": "Certificate Analysis",
76349
+ "tactic": "Detect"
76350
+ },
76351
+ {
76352
+ "id": "D3-CSPP",
76353
+ "name": "Client-server Payload Profiling",
76354
+ "tactic": "Detect"
76355
+ },
76356
+ {
76357
+ "id": "D3-DA",
76358
+ "name": "Domain Analysis",
76359
+ "tactic": "Detect"
76360
+ },
76361
+ {
76362
+ "id": "D3-EAL",
76363
+ "name": "Executable Allowlisting",
76364
+ "tactic": "Harden"
76365
+ },
76366
+ {
76367
+ "id": "D3-IOPR",
76368
+ "name": "Input/Output Profiling Resource",
76369
+ "tactic": "Detect"
76370
+ },
76371
+ {
76372
+ "id": "D3-NI",
76373
+ "name": "Network Isolation",
76374
+ "tactic": "Isolate"
76375
+ },
76376
+ {
76377
+ "id": "D3-NTA",
76378
+ "name": "Network Traffic Analysis",
76379
+ "tactic": "Detect"
76380
+ },
76381
+ {
76382
+ "id": "D3-NTPM",
76383
+ "name": "Network Traffic Policy Mapping",
76384
+ "tactic": "Model"
76385
+ },
76386
+ {
76387
+ "id": "D3-PHRA",
76388
+ "name": "Process Hardware Resource Access",
76389
+ "tactic": "Isolate"
76390
+ },
76391
+ {
76392
+ "id": "D3-PSEP",
76393
+ "name": "Process Segment Execution Prevention",
76394
+ "tactic": "Harden"
76395
+ }
76396
+ ],
76397
+ "framework_gaps": [
76398
+ {
76399
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
76400
+ "framework": "ALL",
76401
+ "control_name": "AI Pipeline Integrity"
76402
+ },
76403
+ {
76404
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
76405
+ "framework": "ALL",
76406
+ "control_name": "Prompt Injection as Access Control Failure"
76407
+ },
76408
+ {
76409
+ "id": "CIS-Controls-v8-Control7",
76410
+ "framework": "CIS Controls v8",
76411
+ "control_name": "Continuous Vulnerability Management"
76412
+ },
76413
+ {
76414
+ "id": "CMMC-2.0-Level-2",
76415
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
76416
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
76417
+ },
76418
+ {
76419
+ "id": "FedRAMP-Rev5-Moderate",
76420
+ "framework": "FedRAMP Rev 5 Moderate",
76421
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
76422
+ },
76423
+ {
76424
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
76425
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
76426
+ "control_name": "Access control standard (technical safeguards)"
76427
+ },
76428
+ {
76429
+ "id": "ISO-27001-2022-A.8.16",
76430
+ "framework": "ISO/IEC 27001:2022",
76431
+ "control_name": "Monitoring activities"
76432
+ },
76433
+ {
76434
+ "id": "ISO-27001-2022-A.8.28",
76435
+ "framework": "ISO/IEC 27001:2022",
76436
+ "control_name": "Secure coding"
76437
+ },
76438
+ {
76439
+ "id": "ISO-27001-2022-A.8.8",
76440
+ "framework": "ISO/IEC 27001:2022",
76441
+ "control_name": "Management of technical vulnerabilities"
76442
+ },
76443
+ {
76444
+ "id": "ISO-IEC-23894-2023-clause-7",
76445
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
76446
+ "control_name": "AI risk management process"
76447
+ },
76448
+ {
76449
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
76450
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
76451
+ "control_name": "AI risk assessment"
76452
+ },
76453
+ {
76454
+ "id": "NIS2-Art21-patch-management",
76455
+ "framework": "EU NIS2 Directive",
76456
+ "control_name": "Vulnerability handling and disclosure"
76457
+ },
76458
+ {
76459
+ "id": "NIST-800-218-SSDF",
76460
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
76461
+ "control_name": "Secure Software Development Framework"
76462
+ },
76463
+ {
76464
+ "id": "NIST-800-53-AC-2",
76465
+ "framework": "NIST SP 800-53 Rev 5",
76466
+ "control_name": "Account Management"
76467
+ },
76468
+ {
76469
+ "id": "NIST-800-53-SC-28",
76470
+ "framework": "NIST SP 800-53 Rev 5",
76471
+ "control_name": "Protection of Information at Rest"
76472
+ },
76473
+ {
76474
+ "id": "NIST-800-53-SC-7",
76475
+ "framework": "NIST SP 800-53 Rev 5",
76476
+ "control_name": "Boundary Protection"
76477
+ },
76478
+ {
76479
+ "id": "NIST-800-53-SC-8",
76480
+ "framework": "NIST SP 800-53 Rev 5",
76481
+ "control_name": "Transmission Confidentiality and Integrity"
76482
+ },
76483
+ {
76484
+ "id": "NIST-800-53-SI-2",
76485
+ "framework": "NIST SP 800-53 Rev 5",
76486
+ "control_name": "Flaw Remediation"
76487
+ },
76488
+ {
76489
+ "id": "NIST-800-53-SI-3",
76490
+ "framework": "NIST SP 800-53 Rev 5",
76491
+ "control_name": "Malicious Code Protection"
76492
+ },
76493
+ {
76494
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
76495
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76496
+ "control_name": "Prompt Injection"
76497
+ },
76498
+ {
76499
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
76500
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76501
+ "control_name": "Sensitive Information Disclosure"
76502
+ },
76503
+ {
76504
+ "id": "PCI-DSS-4.0-6.3.3",
76505
+ "framework": "PCI DSS 4.0",
76506
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
76507
+ },
76508
+ {
76509
+ "id": "SOC2-CC6-logical-access",
76510
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76511
+ "control_name": "Logical and Physical Access Controls"
76512
+ },
76513
+ {
76514
+ "id": "SOC2-CC7-anomaly-detection",
76515
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76516
+ "control_name": "System Operations — Threat and Vulnerability Management"
76517
+ },
76518
+ {
76519
+ "id": "SOC2-CC9-vendor-management",
76520
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76521
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
76522
+ }
76523
+ ],
76524
+ "attack_refs": [
76525
+ "T1041",
76526
+ "T1059",
76527
+ "T1068",
76528
+ "T1071",
76529
+ "T1102",
76530
+ "T1190",
76531
+ "T1213",
76532
+ "T1530",
76533
+ "T1548.001",
76534
+ "T1566",
76535
+ "T1567",
76536
+ "T1568"
76537
+ ],
76538
+ "rfc_refs": [
76539
+ "RFC-4301",
76540
+ "RFC-4303",
76541
+ "RFC-7296",
76542
+ "RFC-8446",
76543
+ "RFC-9000",
76544
+ "RFC-9114",
76545
+ "RFC-9180",
76546
+ "RFC-9421",
76547
+ "RFC-9458"
76548
+ ]
76549
+ }
76550
+ },
76551
+ "CVE-2026-3060": {
76552
+ "name": "SGLang Encoder-Parallel Disaggregation Unauthenticated Deserialization RCE",
76553
+ "rwep": 31,
76554
+ "cvss": 9.8,
76555
+ "cisa_kev": false,
76556
+ "epss_score": 0.01945,
76557
+ "referencing_skills": [
76558
+ "kernel-lpe-triage",
76559
+ "ai-attack-surface",
76560
+ "compliance-theater",
76561
+ "ai-c2-detection",
76562
+ "dlp-gap-analysis",
76563
+ "coordinated-vuln-disclosure"
76564
+ ],
76565
+ "chain": {
76566
+ "cwes": [
76567
+ {
76568
+ "id": "CWE-1039",
76569
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
76570
+ "category": "AI/ML"
76571
+ },
76572
+ {
76573
+ "id": "CWE-125",
76574
+ "name": "Out-of-bounds Read",
76575
+ "category": "Memory Safety"
76576
+ },
76577
+ {
76578
+ "id": "CWE-1357",
76579
+ "name": "Reliance on Insufficiently Trustworthy Component",
76580
+ "category": "Supply Chain"
76581
+ },
76582
+ {
76583
+ "id": "CWE-1426",
76584
+ "name": "Improper Validation of Generative AI Output",
76585
+ "category": "AI/ML"
76586
+ },
76587
+ {
76588
+ "id": "CWE-200",
76589
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
76590
+ "category": "Information Exposure"
76591
+ },
76592
+ {
76593
+ "id": "CWE-362",
76594
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
76595
+ "category": "Concurrency"
76596
+ },
76597
+ {
76598
+ "id": "CWE-416",
76599
+ "name": "Use After Free",
76600
+ "category": "Memory Safety"
76601
+ },
76602
+ {
76603
+ "id": "CWE-672",
76604
+ "name": "Operation on a Resource after Expiration or Release",
76605
+ "category": "Memory Safety"
76606
+ },
76607
+ {
76608
+ "id": "CWE-787",
76609
+ "name": "Out-of-bounds Write",
76610
+ "category": "Memory Safety"
76611
+ },
76612
+ {
76613
+ "id": "CWE-94",
76614
+ "name": "Improper Control of Generation of Code (Code Injection)",
76615
+ "category": "Injection"
76616
+ }
76617
+ ],
76618
+ "atlas": [
76619
+ {
76620
+ "id": "AML.T0016",
76621
+ "name": "Obtain Capabilities: Develop Capabilities",
76622
+ "tactic": "Resource Development"
76623
+ },
76624
+ {
76625
+ "id": "AML.T0017",
76626
+ "name": "Discover ML Model Ontology",
76627
+ "tactic": "Discovery"
76628
+ },
76629
+ {
76630
+ "id": "AML.T0018",
76631
+ "name": "Backdoor ML Model",
76632
+ "tactic": "Persistence"
76633
+ },
76634
+ {
76635
+ "id": "AML.T0020",
76636
+ "name": "Poison Training Data",
76637
+ "tactic": "ML Attack Staging"
76638
+ },
76639
+ {
76640
+ "id": "AML.T0043",
76641
+ "name": "Craft Adversarial Data",
76642
+ "tactic": "ML Attack Staging"
76643
+ },
76644
+ {
76645
+ "id": "AML.T0051",
76646
+ "name": "LLM Prompt Injection",
76647
+ "tactic": "Execution"
76648
+ },
76649
+ {
76650
+ "id": "AML.T0054",
76651
+ "name": "LLM Jailbreak",
76652
+ "tactic": "Defense Evasion"
76653
+ },
76654
+ {
76655
+ "id": "AML.T0096",
76656
+ "name": "AI API as Covert C2 Channel",
76657
+ "tactic": "Command and Control"
76658
+ }
76659
+ ],
76660
+ "d3fend": [
76661
+ {
76662
+ "id": "D3-ASLR",
76663
+ "name": "Address Space Layout Randomization",
76664
+ "tactic": "Harden"
76665
+ },
76666
+ {
76667
+ "id": "D3-CA",
76668
+ "name": "Certificate Analysis",
76669
+ "tactic": "Detect"
76670
+ },
76671
+ {
76672
+ "id": "D3-CSPP",
76673
+ "name": "Client-server Payload Profiling",
76674
+ "tactic": "Detect"
76675
+ },
76676
+ {
76677
+ "id": "D3-DA",
76678
+ "name": "Domain Analysis",
76679
+ "tactic": "Detect"
76680
+ },
76681
+ {
76682
+ "id": "D3-EAL",
76683
+ "name": "Executable Allowlisting",
76684
+ "tactic": "Harden"
76685
+ },
76686
+ {
76687
+ "id": "D3-IOPR",
76688
+ "name": "Input/Output Profiling Resource",
76689
+ "tactic": "Detect"
76690
+ },
76691
+ {
76692
+ "id": "D3-NI",
76693
+ "name": "Network Isolation",
76694
+ "tactic": "Isolate"
76695
+ },
76696
+ {
76697
+ "id": "D3-NTA",
76698
+ "name": "Network Traffic Analysis",
76699
+ "tactic": "Detect"
76700
+ },
76701
+ {
76702
+ "id": "D3-NTPM",
76703
+ "name": "Network Traffic Policy Mapping",
76704
+ "tactic": "Model"
76705
+ },
76706
+ {
76707
+ "id": "D3-PHRA",
76708
+ "name": "Process Hardware Resource Access",
76709
+ "tactic": "Isolate"
76710
+ },
76711
+ {
76712
+ "id": "D3-PSEP",
76713
+ "name": "Process Segment Execution Prevention",
76714
+ "tactic": "Harden"
76715
+ }
76716
+ ],
76717
+ "framework_gaps": [
76718
+ {
76719
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
76720
+ "framework": "ALL",
76721
+ "control_name": "AI Pipeline Integrity"
76722
+ },
76723
+ {
76724
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
76725
+ "framework": "ALL",
76726
+ "control_name": "Prompt Injection as Access Control Failure"
76727
+ },
76728
+ {
76729
+ "id": "CIS-Controls-v8-Control7",
76730
+ "framework": "CIS Controls v8",
76731
+ "control_name": "Continuous Vulnerability Management"
76732
+ },
76733
+ {
76734
+ "id": "CMMC-2.0-Level-2",
76735
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
76736
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
76737
+ },
76738
+ {
76739
+ "id": "FedRAMP-Rev5-Moderate",
76740
+ "framework": "FedRAMP Rev 5 Moderate",
76741
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
76742
+ },
76743
+ {
76744
+ "id": "HIPAA-Security-Rule-164.312(a)(1)",
76745
+ "framework": "HIPAA Security Rule (45 CFR § 164.312)",
76746
+ "control_name": "Access control standard (technical safeguards)"
76747
+ },
76748
+ {
76749
+ "id": "ISO-27001-2022-A.8.16",
76750
+ "framework": "ISO/IEC 27001:2022",
76751
+ "control_name": "Monitoring activities"
76752
+ },
76753
+ {
76754
+ "id": "ISO-27001-2022-A.8.28",
76755
+ "framework": "ISO/IEC 27001:2022",
76756
+ "control_name": "Secure coding"
76757
+ },
76758
+ {
76759
+ "id": "ISO-27001-2022-A.8.8",
76760
+ "framework": "ISO/IEC 27001:2022",
76761
+ "control_name": "Management of technical vulnerabilities"
76762
+ },
76763
+ {
76764
+ "id": "ISO-IEC-23894-2023-clause-7",
76765
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
76766
+ "control_name": "AI risk management process"
76767
+ },
76768
+ {
76769
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
76770
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
76771
+ "control_name": "AI risk assessment"
76772
+ },
76773
+ {
76774
+ "id": "NIS2-Art21-patch-management",
76775
+ "framework": "EU NIS2 Directive",
76776
+ "control_name": "Vulnerability handling and disclosure"
76777
+ },
76778
+ {
76779
+ "id": "NIST-800-218-SSDF",
76780
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
76781
+ "control_name": "Secure Software Development Framework"
76782
+ },
76783
+ {
76784
+ "id": "NIST-800-53-AC-2",
76785
+ "framework": "NIST SP 800-53 Rev 5",
76786
+ "control_name": "Account Management"
76787
+ },
76788
+ {
76789
+ "id": "NIST-800-53-SC-28",
76790
+ "framework": "NIST SP 800-53 Rev 5",
76791
+ "control_name": "Protection of Information at Rest"
76792
+ },
76793
+ {
76794
+ "id": "NIST-800-53-SC-7",
76795
+ "framework": "NIST SP 800-53 Rev 5",
76796
+ "control_name": "Boundary Protection"
76797
+ },
76798
+ {
76799
+ "id": "NIST-800-53-SC-8",
76800
+ "framework": "NIST SP 800-53 Rev 5",
76801
+ "control_name": "Transmission Confidentiality and Integrity"
76802
+ },
76803
+ {
76804
+ "id": "NIST-800-53-SI-2",
76805
+ "framework": "NIST SP 800-53 Rev 5",
76806
+ "control_name": "Flaw Remediation"
76807
+ },
76808
+ {
76809
+ "id": "NIST-800-53-SI-3",
76810
+ "framework": "NIST SP 800-53 Rev 5",
76811
+ "control_name": "Malicious Code Protection"
76812
+ },
76813
+ {
76814
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
76815
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76816
+ "control_name": "Prompt Injection"
76817
+ },
76818
+ {
76819
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
76820
+ "framework": "OWASP Top 10 for LLM Applications 2025",
76821
+ "control_name": "Sensitive Information Disclosure"
76822
+ },
76823
+ {
76824
+ "id": "PCI-DSS-4.0-6.3.3",
76825
+ "framework": "PCI DSS 4.0",
76826
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
76827
+ },
76828
+ {
76829
+ "id": "SOC2-CC6-logical-access",
76830
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76831
+ "control_name": "Logical and Physical Access Controls"
76832
+ },
76833
+ {
76834
+ "id": "SOC2-CC7-anomaly-detection",
76835
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76836
+ "control_name": "System Operations — Threat and Vulnerability Management"
76837
+ },
76838
+ {
76839
+ "id": "SOC2-CC9-vendor-management",
76840
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
76841
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
76842
+ }
76843
+ ],
76844
+ "attack_refs": [
76845
+ "T1041",
76846
+ "T1059",
76847
+ "T1068",
76848
+ "T1071",
76849
+ "T1102",
76850
+ "T1190",
76851
+ "T1213",
76852
+ "T1530",
76853
+ "T1548.001",
76854
+ "T1566",
76855
+ "T1567",
76856
+ "T1568"
76857
+ ],
76858
+ "rfc_refs": [
76859
+ "RFC-4301",
76860
+ "RFC-4303",
76861
+ "RFC-7296",
76862
+ "RFC-8446",
76863
+ "RFC-9000",
76864
+ "RFC-9114",
76865
+ "RFC-9180",
76866
+ "RFC-9421",
76867
+ "RFC-9458"
76868
+ ]
76869
+ }
76870
+ },
76871
+ "CVE-2026-21877": {
76872
+ "name": "n8n Git Node Arbitrary File Write Authenticated RCE",
76873
+ "rwep": 29,
76874
+ "cvss": 9.9,
76875
+ "cisa_kev": false,
76876
+ "epss_score": 0.10735,
76877
+ "referencing_skills": [
76878
+ "ai-attack-surface",
76879
+ "compliance-theater",
76880
+ "rag-pipeline-security",
76881
+ "ai-c2-detection",
76882
+ "threat-modeling-methodology",
76883
+ "webapp-security",
76884
+ "api-security",
76885
+ "container-runtime-security",
76886
+ "email-security-anti-phishing"
76887
+ ],
76888
+ "chain": {
76889
+ "cwes": [
76890
+ {
76891
+ "id": "CWE-1039",
76892
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
76893
+ "category": "AI/ML"
76894
+ },
76895
+ {
76896
+ "id": "CWE-1188",
76897
+ "name": "Initialization of a Resource with an Insecure Default",
76898
+ "category": "Configuration"
76899
+ },
76900
+ {
76901
+ "id": "CWE-1395",
76902
+ "name": "Dependency on Vulnerable Third-Party Component",
76903
+ "category": "Supply Chain"
76904
+ },
76905
+ {
76906
+ "id": "CWE-1426",
76907
+ "name": "Improper Validation of Generative AI Output",
76908
+ "category": "AI/ML"
76909
+ },
76910
+ {
76911
+ "id": "CWE-200",
76912
+ "name": "Exposure of Sensitive Information to an Unauthorized Actor",
76913
+ "category": "Information Exposure"
76914
+ },
76915
+ {
76916
+ "id": "CWE-22",
76917
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
76918
+ "category": "Path/Resource"
76919
+ },
76920
+ {
76921
+ "id": "CWE-269",
76922
+ "name": "Improper Privilege Management",
76923
+ "category": "Authorization"
76924
+ },
76925
+ {
76926
+ "id": "CWE-287",
76927
+ "name": "Improper Authentication",
76928
+ "category": "Authentication"
76929
+ },
76930
+ {
76931
+ "id": "CWE-352",
76932
+ "name": "Cross-Site Request Forgery (CSRF)",
76933
+ "category": "Session"
76934
+ },
76935
+ {
76936
+ "id": "CWE-434",
76937
+ "name": "Unrestricted Upload of File with Dangerous Type",
76938
+ "category": "File Handling"
76939
+ },
76940
+ {
76941
+ "id": "CWE-502",
76942
+ "name": "Deserialization of Untrusted Data",
76943
+ "category": "Serialization"
76944
+ },
76945
+ {
76946
+ "id": "CWE-732",
76947
+ "name": "Incorrect Permission Assignment for Critical Resource",
76948
+ "category": "Authorization"
76949
+ },
76950
+ {
76951
+ "id": "CWE-77",
76952
+ "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
76953
+ "category": "Injection"
76954
+ },
76955
+ {
76956
+ "id": "CWE-78",
76957
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
76958
+ "category": "Injection"
76959
+ },
76960
+ {
76961
+ "id": "CWE-787",
76962
+ "name": "Out-of-bounds Write",
76963
+ "category": "Memory Safety"
76964
+ },
76965
+ {
76966
+ "id": "CWE-79",
76967
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
76968
+ "category": "Injection"
76969
+ },
76970
+ {
76971
+ "id": "CWE-862",
76972
+ "name": "Missing Authorization",
76973
+ "category": "Authorization"
76974
+ },
76975
+ {
76976
+ "id": "CWE-863",
76977
+ "name": "Incorrect Authorization",
76978
+ "category": "Authorization"
76979
+ },
76980
+ {
76981
+ "id": "CWE-89",
76982
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
76983
+ "category": "Injection"
76984
+ },
76985
+ {
76986
+ "id": "CWE-918",
76987
+ "name": "Server-Side Request Forgery (SSRF)",
76988
+ "category": "Network"
76989
+ },
76990
+ {
76991
+ "id": "CWE-94",
76992
+ "name": "Improper Control of Generation of Code (Code Injection)",
76993
+ "category": "Injection"
76994
+ }
76995
+ ],
76996
+ "atlas": [
76997
+ {
76998
+ "id": "AML.T0010",
76999
+ "name": "ML Supply Chain Compromise",
77000
+ "tactic": "Initial Access"
77001
+ },
77002
+ {
77003
+ "id": "AML.T0016",
77004
+ "name": "Obtain Capabilities: Develop Capabilities",
77005
+ "tactic": "Resource Development"
77006
+ },
77007
+ {
77008
+ "id": "AML.T0017",
77009
+ "name": "Discover ML Model Ontology",
77010
+ "tactic": "Discovery"
77011
+ },
77012
+ {
77013
+ "id": "AML.T0018",
77014
+ "name": "Backdoor ML Model",
77015
+ "tactic": "Persistence"
77016
+ },
77017
+ {
77018
+ "id": "AML.T0020",
77019
+ "name": "Poison Training Data",
77020
+ "tactic": "ML Attack Staging"
77021
+ },
77022
+ {
77023
+ "id": "AML.T0043",
77024
+ "name": "Craft Adversarial Data",
77025
+ "tactic": "ML Attack Staging"
77026
+ },
77027
+ {
77028
+ "id": "AML.T0051",
77029
+ "name": "LLM Prompt Injection",
77030
+ "tactic": "Execution"
77031
+ },
77032
+ {
77033
+ "id": "AML.T0054",
77034
+ "name": "LLM Jailbreak",
77035
+ "tactic": "Defense Evasion"
77036
+ },
77037
+ {
77038
+ "id": "AML.T0096",
77039
+ "name": "AI API as Covert C2 Channel",
77040
+ "tactic": "Command and Control"
77041
+ }
77042
+ ],
77043
+ "d3fend": [
77044
+ {
77045
+ "id": "D3-CA",
77046
+ "name": "Certificate Analysis",
77047
+ "tactic": "Detect"
77048
+ },
77049
+ {
77050
+ "id": "D3-CSPP",
77051
+ "name": "Client-server Payload Profiling",
77052
+ "tactic": "Detect"
77053
+ },
77054
+ {
77055
+ "id": "D3-DA",
77056
+ "name": "Domain Analysis",
77057
+ "tactic": "Detect"
77058
+ },
77059
+ {
77060
+ "id": "D3-IOPR",
77061
+ "name": "Input/Output Profiling Resource",
77062
+ "tactic": "Detect"
77063
+ },
77064
+ {
77065
+ "id": "D3-NI",
77066
+ "name": "Network Isolation",
77067
+ "tactic": "Isolate"
77068
+ },
77069
+ {
77070
+ "id": "D3-NTA",
77071
+ "name": "Network Traffic Analysis",
77072
+ "tactic": "Detect"
77073
+ },
77074
+ {
77075
+ "id": "D3-NTPM",
77076
+ "name": "Network Traffic Policy Mapping",
77077
+ "tactic": "Model"
77078
+ }
77079
+ ],
77080
+ "framework_gaps": [
77081
+ {
77082
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
77083
+ "framework": "ALL",
77084
+ "control_name": "AI Pipeline Integrity"
77085
+ },
77086
+ {
77087
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
77088
+ "framework": "ALL",
77089
+ "control_name": "Prompt Injection as Access Control Failure"
77090
+ },
77091
+ {
77092
+ "id": "CMMC-2.0-Level-2",
77093
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
77094
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
77095
+ },
77096
+ {
77097
+ "id": "FedRAMP-Rev5-Moderate",
77098
+ "framework": "FedRAMP Rev 5 Moderate",
77099
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
77100
+ },
77101
+ {
77102
+ "id": "ISO-27001-2022-A.8.16",
77103
+ "framework": "ISO/IEC 27001:2022",
77104
+ "control_name": "Monitoring activities"
77105
+ },
77106
+ {
77107
+ "id": "ISO-27001-2022-A.8.28",
77108
+ "framework": "ISO/IEC 27001:2022",
77109
+ "control_name": "Secure coding"
77110
+ },
77111
+ {
77112
+ "id": "ISO-IEC-23894-2023-clause-7",
77113
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
77114
+ "control_name": "AI risk management process"
77115
+ },
77116
+ {
77117
+ "id": "ISO-IEC-42001-2023-clause-6.1.2",
77118
+ "framework": "ISO/IEC 42001:2023 (AI Management System)",
77119
+ "control_name": "AI risk assessment"
77120
+ },
77121
+ {
77122
+ "id": "NIST-800-218-SSDF",
77123
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
77124
+ "control_name": "Secure Software Development Framework"
77125
+ },
77126
+ {
77127
+ "id": "NIST-800-53-AC-2",
77128
+ "framework": "NIST SP 800-53 Rev 5",
77129
+ "control_name": "Account Management"
77130
+ },
77131
+ {
77132
+ "id": "NIST-800-53-CM-7",
77133
+ "framework": "NIST SP 800-53 Rev 5",
77134
+ "control_name": "Least Functionality"
77135
+ },
77136
+ {
77137
+ "id": "NIST-800-53-SC-7",
77138
+ "framework": "NIST SP 800-53 Rev 5",
77139
+ "control_name": "Boundary Protection"
77140
+ },
77141
+ {
77142
+ "id": "NIST-800-53-SI-12",
77143
+ "framework": "NIST SP 800-53 Rev 5",
77144
+ "control_name": "Information Management and Retention"
77145
+ },
77146
+ {
77147
+ "id": "NIST-800-53-SI-3",
77148
+ "framework": "NIST SP 800-53 Rev 5",
77149
+ "control_name": "Malicious Code Protection"
77150
+ },
77151
+ {
77152
+ "id": "NIST-AI-RMF-MEASURE-2.5",
77153
+ "framework": "NIST AI RMF 1.0",
77154
+ "control_name": "AI system to human interaction evaluation"
77155
+ },
77156
+ {
77157
+ "id": "OWASP-ASVS-v5.0-V14",
77158
+ "framework": "OWASP ASVS v5.0",
77159
+ "control_name": "Configuration verification"
77160
+ },
77161
+ {
77162
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
77163
+ "framework": "OWASP Top 10 for LLM Applications 2025",
77164
+ "control_name": "Prompt Injection"
77165
+ },
77166
+ {
77167
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
77168
+ "framework": "OWASP Top 10 for LLM Applications 2025",
77169
+ "control_name": "Sensitive Information Disclosure"
77170
+ },
77171
+ {
77172
+ "id": "OWASP-LLM-Top-10-2025-LLM08",
77173
+ "framework": "OWASP Top 10 for LLM Applications 2025",
77174
+ "control_name": "Vector and Embedding Weaknesses"
77175
+ },
77176
+ {
77177
+ "id": "SLSA-v1.0-Build-L3",
77178
+ "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
77179
+ "control_name": "Hardened build platform with non-falsifiable provenance"
77180
+ },
77181
+ {
77182
+ "id": "SOC2-CC6-logical-access",
77183
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
77184
+ "control_name": "Logical and Physical Access Controls"
77185
+ },
77186
+ {
77187
+ "id": "SOC2-CC7-anomaly-detection",
77188
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
77189
+ "control_name": "System Operations — Threat and Vulnerability Management"
77190
+ }
77191
+ ],
77192
+ "attack_refs": [
77193
+ "T1059",
77194
+ "T1068",
77195
+ "T1071",
77196
+ "T1078",
77197
+ "T1102",
77198
+ "T1190",
77199
+ "T1505",
77200
+ "T1565",
77201
+ "T1566",
77202
+ "T1566.001",
77203
+ "T1566.002",
77204
+ "T1566.003",
77205
+ "T1567",
77206
+ "T1568",
77207
+ "T1610",
77208
+ "T1611"
77209
+ ],
77210
+ "rfc_refs": [
77211
+ "RFC-6749",
77212
+ "RFC-7519",
77213
+ "RFC-8032",
77214
+ "RFC-8446",
77215
+ "RFC-8725",
77216
+ "RFC-9000",
77217
+ "RFC-9114",
77218
+ "RFC-9180",
77219
+ "RFC-9421",
77220
+ "RFC-9458",
77221
+ "RFC-9700"
77222
+ ]
77223
+ }
77224
+ },
76231
77225
  "CWE-20": {
76232
77226
  "name": "Improper Input Validation",
76233
77227
  "category": "Validation",
@@ -76567,6 +77561,7 @@
76567
77561
  "CVE-2025-8747",
76568
77562
  "CVE-2026-0766",
76569
77563
  "CVE-2026-21858",
77564
+ "CVE-2026-21877",
76570
77565
  "CVE-2026-22218",
76571
77566
  "CVE-2026-22252",
76572
77567
  "CVE-2026-22688",
@@ -76806,6 +77801,7 @@
76806
77801
  "CVE-2025-68668",
76807
77802
  "CVE-2025-6965",
76808
77803
  "CVE-2026-21858",
77804
+ "CVE-2026-21877",
76809
77805
  "CVE-2026-22218",
76810
77806
  "CVE-2026-30615",
76811
77807
  "CVE-2026-30623",
@@ -77017,6 +78013,7 @@
77017
78013
  "CVE-2025-8747",
77018
78014
  "CVE-2026-0766",
77019
78015
  "CVE-2026-21858",
78016
+ "CVE-2026-21877",
77020
78017
  "CVE-2026-22218",
77021
78018
  "CVE-2026-22252",
77022
78019
  "CVE-2026-22688",
@@ -77239,6 +78236,7 @@
77239
78236
  "CVE-2025-8747",
77240
78237
  "CVE-2026-0766",
77241
78238
  "CVE-2026-21858",
78239
+ "CVE-2026-21877",
77242
78240
  "CVE-2026-22218",
77243
78241
  "CVE-2026-22252",
77244
78242
  "CVE-2026-22688",
@@ -77475,6 +78473,7 @@
77475
78473
  "CVE-2025-8747",
77476
78474
  "CVE-2026-0766",
77477
78475
  "CVE-2026-21858",
78476
+ "CVE-2026-21877",
77478
78477
  "CVE-2026-22218",
77479
78478
  "CVE-2026-22252",
77480
78479
  "CVE-2026-22688",
@@ -77826,6 +78825,7 @@
77826
78825
  "CVE-2025-8747",
77827
78826
  "CVE-2026-0766",
77828
78827
  "CVE-2026-21858",
78828
+ "CVE-2026-21877",
77829
78829
  "CVE-2026-22218",
77830
78830
  "CVE-2026-22219",
77831
78831
  "CVE-2026-22252",
@@ -77839,6 +78839,8 @@
77839
78839
  "CVE-2026-25592",
77840
78840
  "CVE-2026-26015",
77841
78841
  "CVE-2026-26190",
78842
+ "CVE-2026-3059",
78843
+ "CVE-2026-3060",
77842
78844
  "CVE-2026-30615",
77843
78845
  "CVE-2026-30616",
77844
78846
  "CVE-2026-30617",
@@ -78301,6 +79303,8 @@
78301
79303
  "CVE-2026-26015",
78302
79304
  "CVE-2026-26190",
78303
79305
  "CVE-2026-3055",
79306
+ "CVE-2026-3059",
79307
+ "CVE-2026-3060",
78304
79308
  "CVE-2026-30616",
78305
79309
  "CVE-2026-30617",
78306
79310
  "CVE-2026-30624",
@@ -78600,8 +79604,11 @@
78600
79604
  "CVE-2025-68668",
78601
79605
  "CVE-2025-6965",
78602
79606
  "CVE-2026-21858",
79607
+ "CVE-2026-21877",
78603
79608
  "CVE-2026-22218",
78604
79609
  "CVE-2026-22219",
79610
+ "CVE-2026-3059",
79611
+ "CVE-2026-3060",
78605
79612
  "CVE-2026-30615",
78606
79613
  "CVE-2026-30623",
78607
79614
  "CVE-2026-31229",
@@ -79026,6 +80033,7 @@
79026
80033
  "CVE-2025-8747",
79027
80034
  "CVE-2026-0766",
79028
80035
  "CVE-2026-21858",
80036
+ "CVE-2026-21877",
79029
80037
  "CVE-2026-22218",
79030
80038
  "CVE-2026-22252",
79031
80039
  "CVE-2026-22688",
@@ -79687,6 +80695,7 @@
79687
80695
  "CVE-2025-8747",
79688
80696
  "CVE-2026-0766",
79689
80697
  "CVE-2026-21858",
80698
+ "CVE-2026-21877",
79690
80699
  "CVE-2026-22218",
79691
80700
  "CVE-2026-22252",
79692
80701
  "CVE-2026-22688",
@@ -80704,6 +81713,7 @@
80704
81713
  "CVE-2025-8747",
80705
81714
  "CVE-2026-0766",
80706
81715
  "CVE-2026-21858",
81716
+ "CVE-2026-21877",
80707
81717
  "CVE-2026-22218",
80708
81718
  "CVE-2026-22252",
80709
81719
  "CVE-2026-22688",
@@ -81180,6 +82190,8 @@
81180
82190
  "CVE-2026-26015",
81181
82191
  "CVE-2026-26190",
81182
82192
  "CVE-2026-3055",
82193
+ "CVE-2026-3059",
82194
+ "CVE-2026-3060",
81183
82195
  "CVE-2026-30616",
81184
82196
  "CVE-2026-30617",
81185
82197
  "CVE-2026-30624",
@@ -81643,6 +82655,8 @@
81643
82655
  "CVE-2026-26015",
81644
82656
  "CVE-2026-26190",
81645
82657
  "CVE-2026-3055",
82658
+ "CVE-2026-3059",
82659
+ "CVE-2026-3060",
81646
82660
  "CVE-2026-30616",
81647
82661
  "CVE-2026-30617",
81648
82662
  "CVE-2026-30624",
@@ -81964,6 +82978,7 @@
81964
82978
  "CVE-2025-8747",
81965
82979
  "CVE-2026-0766",
81966
82980
  "CVE-2026-21858",
82981
+ "CVE-2026-21877",
81967
82982
  "CVE-2026-22218",
81968
82983
  "CVE-2026-22252",
81969
82984
  "CVE-2026-22688",
@@ -82416,6 +83431,7 @@
82416
83431
  "CVE-2025-68668",
82417
83432
  "CVE-2025-6965",
82418
83433
  "CVE-2026-21858",
83434
+ "CVE-2026-21877",
82419
83435
  "CVE-2026-22218",
82420
83436
  "CVE-2026-30615",
82421
83437
  "CVE-2026-30623",
@@ -83027,6 +84043,8 @@
83027
84043
  "CVE-2026-26015",
83028
84044
  "CVE-2026-26190",
83029
84045
  "CVE-2026-3055",
84046
+ "CVE-2026-3059",
84047
+ "CVE-2026-3060",
83030
84048
  "CVE-2026-30616",
83031
84049
  "CVE-2026-30617",
83032
84050
  "CVE-2026-30624",
@@ -83412,6 +84430,7 @@
83412
84430
  "CVE-2025-8747",
83413
84431
  "CVE-2026-0766",
83414
84432
  "CVE-2026-21858",
84433
+ "CVE-2026-21877",
83415
84434
  "CVE-2026-22218",
83416
84435
  "CVE-2026-22252",
83417
84436
  "CVE-2026-22688",
@@ -83967,6 +84986,7 @@
83967
84986
  "CVE-2026-21533",
83968
84987
  "CVE-2026-21643",
83969
84988
  "CVE-2026-21858",
84989
+ "CVE-2026-21877",
83970
84990
  "CVE-2026-22218",
83971
84991
  "CVE-2026-22252",
83972
84992
  "CVE-2026-22688",
@@ -83987,6 +85007,8 @@
83987
85007
  "CVE-2026-26015",
83988
85008
  "CVE-2026-26190",
83989
85009
  "CVE-2026-3055",
85010
+ "CVE-2026-3059",
85011
+ "CVE-2026-3060",
83990
85012
  "CVE-2026-30615",
83991
85013
  "CVE-2026-30616",
83992
85014
  "CVE-2026-30617",
@@ -84731,6 +85753,7 @@
84731
85753
  "CVE-2025-68668",
84732
85754
  "CVE-2025-6965",
84733
85755
  "CVE-2026-21858",
85756
+ "CVE-2026-21877",
84734
85757
  "CVE-2026-22218",
84735
85758
  "CVE-2026-30615",
84736
85759
  "CVE-2026-30623",
@@ -85036,6 +86059,7 @@
85036
86059
  "CVE-2025-68668",
85037
86060
  "CVE-2025-6965",
85038
86061
  "CVE-2026-21858",
86062
+ "CVE-2026-21877",
85039
86063
  "CVE-2026-22218",
85040
86064
  "CVE-2026-30615",
85041
86065
  "CVE-2026-30623",
@@ -85419,6 +86443,7 @@
85419
86443
  "CVE-2025-8747",
85420
86444
  "CVE-2026-0766",
85421
86445
  "CVE-2026-21858",
86446
+ "CVE-2026-21877",
85422
86447
  "CVE-2026-22218",
85423
86448
  "CVE-2026-22252",
85424
86449
  "CVE-2026-22688",
@@ -85790,6 +86815,7 @@
85790
86815
  "CVE-2025-8747",
85791
86816
  "CVE-2026-0766",
85792
86817
  "CVE-2026-21858",
86818
+ "CVE-2026-21877",
85793
86819
  "CVE-2026-22218",
85794
86820
  "CVE-2026-22219",
85795
86821
  "CVE-2026-22252",
@@ -85803,6 +86829,8 @@
85803
86829
  "CVE-2026-25592",
85804
86830
  "CVE-2026-26015",
85805
86831
  "CVE-2026-26190",
86832
+ "CVE-2026-3059",
86833
+ "CVE-2026-3060",
85806
86834
  "CVE-2026-30616",
85807
86835
  "CVE-2026-30617",
85808
86836
  "CVE-2026-30623",
@@ -85999,6 +87027,7 @@
85999
87027
  "CVE-2025-68668",
86000
87028
  "CVE-2025-6965",
86001
87029
  "CVE-2026-21858",
87030
+ "CVE-2026-21877",
86002
87031
  "CVE-2026-22218",
86003
87032
  "CVE-2026-30615",
86004
87033
  "CVE-2026-30623",
@@ -86462,6 +87491,8 @@
86462
87491
  "CVE-2026-26015",
86463
87492
  "CVE-2026-26190",
86464
87493
  "CVE-2026-3055",
87494
+ "CVE-2026-3059",
87495
+ "CVE-2026-3060",
86465
87496
  "CVE-2026-30615",
86466
87497
  "CVE-2026-30616",
86467
87498
  "CVE-2026-30617",
@@ -86780,6 +87811,7 @@
86780
87811
  "CVE-2025-8747",
86781
87812
  "CVE-2026-0766",
86782
87813
  "CVE-2026-21858",
87814
+ "CVE-2026-21877",
86783
87815
  "CVE-2026-22218",
86784
87816
  "CVE-2026-22252",
86785
87817
  "CVE-2026-22688",
@@ -87142,6 +88174,7 @@
87142
88174
  "CVE-2025-8747",
87143
88175
  "CVE-2026-0766",
87144
88176
  "CVE-2026-21858",
88177
+ "CVE-2026-21877",
87145
88178
  "CVE-2026-22218",
87146
88179
  "CVE-2026-22219",
87147
88180
  "CVE-2026-22252",
@@ -87155,6 +88188,8 @@
87155
88188
  "CVE-2026-25592",
87156
88189
  "CVE-2026-26015",
87157
88190
  "CVE-2026-26190",
88191
+ "CVE-2026-3059",
88192
+ "CVE-2026-3060",
87158
88193
  "CVE-2026-30615",
87159
88194
  "CVE-2026-30616",
87160
88195
  "CVE-2026-30617",