@blamejs/exceptd-skills 0.13.124 → 0.13.126

package/data/atlas-ttps.json

@@ -1793,7 +1793,10 @@
       "CVE-2026-45829",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json

@@ -347,7 +347,10 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2025-68668",
-      "CVE-2026-21858"
+      "CVE-2026-21858",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -1113,7 +1116,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
     "platforms": [

package/data/cve-catalog.json

@@ -40275,5 +40275,313 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "stable-diffusion-webui (1.7.0 through 1.8.0) Backup/Restore builds a write path from an unvalidated filename, yielding a limited file write on Windows (CWE-22); fixed by commit d9708c92."
+  },
+  "CVE-2026-3059": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Multimodal-Generation ZMQ Broker Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's multimodal generation module exposes a ZMQ broker that deserializes untrusted serialized objects from unauthenticated peers (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory (https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr) and the Orca Security writeup: an unauthenticated serialized-object message to the multimodal ZMQ broker executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory GHSA-3cp7-c6q2-94xr and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (multimodal generation module ZMQ broker).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's multimodal generation module runs a ZMQ broker (scheduler_client.py) that deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for IPC, never deserialize untrusted serialized objects, authenticate ZMQ peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3059",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang multimodal generation ZMQ broker from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a multimodal ZMQ message.",
+        "SGLang < 0.5.10 with the multimodal generation ZMQ channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GHSA-3cp7-c6q2-94xr and NVD CVE-2026-3059 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+      "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-3cp7-c6q2-94xr",
+        "url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3059",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3059",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3059 (CWE-502) + GitHub Security Advisory GHSA-3cp7-c6q2-94xr + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (multimodal ZMQ broker); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086 (shared with the vLLM ZeroMQ-transport and TensorRT-LLM deserialization class).",
+    "_kev_short_description": "SGLang's multimodal ZMQ broker deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
+  },
+  "CVE-2026-3060": {
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an unauthenticated IPC channel that deserializes untrusted serialized objects in an LLM serving framework.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "GitHub advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog).",
+    "complexity": "low",
+    "complexity_notes": "CNA AV:N / AC:L / PR:N / UI:N - an unauthenticated peer reaches the IPC/ZMQ channel.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to SGLang 0.5.10 or later (fix in PR #20904); redeploy the serving process and isolate the IPC channel on a trusted segment.",
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "epss_score": 0.01945,
+    "epss_date": "2026-05-26",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "last_updated": "2026-05-26",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation does not single out unsafe IPC deserialization in an LLM serving framework, which spreads by code reuse across engines.",
+      "NIST-800-53-SC-7": "Boundary protection does not isolate the unauthenticated IPC/ZMQ channel from untrusted peers.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management does not treat the serving framework's IPC deserialization as a managed surface.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model an LLM serving framework's IPC channel as an unauthenticated RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model unauthenticated IPC-deserialization RCE in an AI serving framework as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for authenticated, safe-serialized IPC in ML serving frameworks.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving frameworks.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an LLM serving framework's IPC channel as an integrity boundary requiring a safe serializer + peer authentication."
+    },
+    "name": "SGLang Encoder-Parallel Disaggregation Unauthenticated Deserialization RCE",
+    "cvss_note": "CNA CVSS v3.1 base 9.8 (CRITICAL). SGLang's encoder parallel disaggregation system deserializes untrusted serialized objects from unauthenticated peers in the disaggregation module (CWE-502 deserialization of untrusted data), yielding unauthenticated remote code execution on the serving host.",
+    "poc_description": "Documented in the disclosing advisory and the Orca Security writeup: an unauthenticated serialized-object message to the disaggregation module (encode_receiver.py) executes code.",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory (PR #20904) and enriched by NVD. The abused surface is SGLang (lmsys), a widely used LLM serving / inference framework.",
+    "affected": "SGLang (lmsys) before 0.5.10 (encoder parallel disaggregation module).",
+    "affected_versions": [
+      "SGLang < 0.5.10"
+    ],
+    "vector": "SGLang's encoder parallel disaggregation system (encode_receiver.py) deserializes untrusted serialized objects received from unauthenticated peers, so an unauthenticated attacker who can reach the disaggregation channel sends a crafted serialized object and executes arbitrary code on the serving host (CWE-502).",
+    "vendor_update_paths": [
+      "Upgrade SGLang to 0.5.10 or later (PR #20904). Use a safe serializer for the disaggregation IPC, never deserialize untrusted serialized objects, authenticate peers, and isolate the channel on a trusted network segment."
+    ],
+    "rwep_notes": "High (RWEP 31, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 0.5.10 (Hard Rule #3): poc_available=20 + blast_radius=26 (unauthenticated CVSS-9.8 IPC-deserialization RCE in a widely used LLM serving framework), minus patch_available 15.",
+    "epss_note": "FIRST EPSS 0.01945 (84th percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-3060",
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated connections to the SGLang encoder-parallel disaggregation channel from untrusted peers.",
+        "Process execution by the SGLang serving process triggered by a disaggregation-module message.",
+        "SGLang < 0.5.10 with the disaggregation channel reachable by untrusted peers - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the SGLang advisory (PR #20904) and NVD CVE-2026-3060 (CWE-502)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+      "https://github.com/sgl-project/sglang/pull/20904"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-3060",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3060",
+        "severity": "critical",
+        "published_date": "2026-04-20"
+      }
+    ],
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-3060 (CWE-502) + the SGLang fix (PR #20904) + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (encoder-parallel disaggregation); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086.",
+    "_kev_short_description": "SGLang's encoder-parallel disaggregation module deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
+  },
+  "CVE-2026-21877": {
+    "name": "n8n Git Node Arbitrary File Write Authenticated RCE",
+    "type": "RCE",
+    "cvss_score": 9.9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 9.9 (CRITICAL, scope-changed). n8n's Git node lets an authenticated user write a file of a dangerous type to an arbitrary path, achieving remote code execution and full instance compromise on both self-hosted and Cloud deployments (CWE-434 unrestricted file upload / CWE-94 code injection).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing GitHub Security Advisory (GHSA-v364-rw7m-3263): an authenticated user abuses the Git node to write a dangerous file that is subsequently executed.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory GHSA-v364-rw7m-3263 and enriched by NVD. The abused surface is n8n, a widely deployed AI-workflow / automation platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an arbitrary-file-write-to-RCE in a workflow builder's Git node.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog). FIRST EPSS percentile is elevated (93rd).",
+    "affected": "n8n >= 0.123.0 and < 1.121.3 (Git node); fixed in 1.121.3 (commit f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6).",
+    "affected_versions": [
+      "n8n >= 0.123.0, < 1.121.3"
+    ],
+    "vector": "n8n's Git node allows an authenticated user to write a file of a dangerous type to an attacker-chosen path; the written file is then executed, yielding remote code execution and full compromise of the n8n instance (self-hosted or Cloud) - CWE-434 unrestricted upload chained to CWE-94 code execution.",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:L - an authenticated user who can configure the Git node.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to n8n 1.121.3 or later (commit f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6); redeploy the instance.",
+    "vendor_update_paths": [
+      "Upgrade n8n to 1.121.3 or later. Constrain the Git node so it cannot write files of executable/dangerous types to arbitrary paths, scope workflow-edit permission tightly, and do not expose the editor to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-AC-3": "Access enforcement does not stop an authenticated user from writing an executable file via the Git node.",
+      "NIST-800-53-SI-3": "Malicious-code protection does not stop an arbitrary file write that becomes code execution.",
+      "NIST-800-53-SI-10": "No input validation confines the file type/path the Git node writes (CWE-434).",
+      "ISO-27001-2022-A.8.28": "Secure coding does not constrain the Git node's file writes to safe types/paths.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model a workflow builder's Git node as an arbitrary-file-write-to-RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model file-write RCE in an AI-workflow platform as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for constraining file-writing workflow nodes.",
+      "AU-ISM-1546": "Patch-application control does not single out AI-workflow / automation platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats a workflow builder's file-writing node as a code-execution sink requiring type/path constraint."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "High (RWEP 29, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 1.121.3 (Hard Rule #3): poc_available=20 + blast_radius=24 (authenticated file-write-to-RCE with full compromise across self-hosted + Cloud, elevated EPSS), minus patch_available 15.",
+    "epss_score": 0.10735,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.10735 (93rd percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-21877",
+    "cwe_refs": [
+      "CWE-434",
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "n8n Git node configurations that write files with executable/dangerous extensions to paths outside the intended working tree.",
+        "Process execution by the n8n process originating from a file written via the Git node.",
+        "n8n >= 0.123.0 and < 1.121.3 with the Git node available to workflow editors - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GitHub Security Advisory GHSA-v364-rw7m-3263 and NVD CVE-2026-21877 (CWE-434 / CWE-94)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-21877",
+      "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-v364-rw7m-3263",
+        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-21877",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21877",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-21877 (CWE-434 / CWE-94) + GitHub Security Advisory GHSA-v364-rw7m-3263 (CNA, CVSS v3.1 9.9). n8n Git-node arbitrary-file-write-to-RCE; reuses the AI-app-builder execution-endpoint auth-and-sandbox control NEW-CTRL-103 (shared with the n8n code-node escape, Dify code-node, and Langflow/Flowise RCEs).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "n8n's Git node lets an authenticated user write a dangerous file to an arbitrary path for RCE and full instance compromise (CWE-434/CWE-94); fixed in 1.121.3."
   }
 }

package/data/cwe-catalog.json

@@ -428,7 +428,8 @@
       "CVE-2026-45829",
       "CVE-2026-6973",
       "MAL-2026-3083",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-21877"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -1282,7 +1283,8 @@
       "CVE-2024-7399",
       "CVE-2024-7694",
       "CVE-2025-2749",
-      "CVE-2025-52691"
+      "CVE-2025-52691",
+      "CVE-2026-21877"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-3",
@@ -1380,7 +1382,9 @@
       "CVE-2026-20963",
       "CVE-2026-31229",
       "CVE-2025-68665",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",

package/data/framework-control-gaps.json

@@ -126,7 +126,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [
       "AML.T0018",
@@ -1327,7 +1330,8 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [
       "AML.T0051",
@@ -1714,7 +1718,9 @@
       "CVE-2026-46300",
       "CVE-2026-46333",
       "CVE-2026-5281",
-      "CVE-2026-9082"
+      "CVE-2026-9082",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -2330,7 +2336,9 @@
       "CVE-2026-42897",
       "CVE-2024-12450",
       "CVE-2026-22219",
-      "CVE-2026-5760"
+      "CVE-2026-5760",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [
       "AML.T0096",
@@ -2452,7 +2460,8 @@
       "CVE-2025-10164",
       "CVE-2026-5760",
       "CVE-2026-21858",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [
       "AML.T0053"
@@ -2860,7 +2869,9 @@
       "CVE-2026-5281",
       "CVE-2026-6973",
       "CVE-2026-9082",
-      "CVE-2025-10164"
+      "CVE-2025-10164",
+      "CVE-2026-3059",
+      "CVE-2026-3060"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -2906,7 +2917,8 @@
       "CVE-2026-32202",
       "CVE-2026-33017",
       "CVE-2026-33825",
-      "CVE-2025-68668"
+      "CVE-2025-68668",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [
       "AML.T0017"
@@ -5247,7 +5259,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5302,7 +5317,8 @@
       "CVE-2026-22219",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [
       "AML.T0051"
@@ -5851,7 +5867,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -5984,7 +6003,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -6415,7 +6437,10 @@
       "CVE-2026-5760",
       "CVE-2026-21858",
       "CVE-2025-68668",
-      "CVE-2024-31462"
+      "CVE-2024-31462",
+      "CVE-2026-3059",
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "atlas_refs": [],
     "attack_refs": [