@blamejs/exceptd-skills 0.13.125 → 0.14.0

package/data/_indexes/chains.json

@@ -76868,6 +76868,360 @@
       ]
     }
   },
+  "CVE-2026-21877": {
+    "name": "n8n Git Node Arbitrary File Write Authenticated RCE",
+    "rwep": 29,
+    "cvss": 9.9,
+    "cisa_kev": false,
+    "epss_score": 0.10735,
+    "referencing_skills": [
+      "ai-attack-surface",
+      "compliance-theater",
+      "rag-pipeline-security",
+      "ai-c2-detection",
+      "threat-modeling-methodology",
+      "webapp-security",
+      "api-security",
+      "container-runtime-security",
+      "email-security-anti-phishing"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-1039",
+          "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-1188",
+          "name": "Initialization of a Resource with an Insecure Default",
+          "category": "Configuration"
+        },
+        {
+          "id": "CWE-1395",
+          "name": "Dependency on Vulnerable Third-Party Component",
+          "category": "Supply Chain"
+        },
+        {
+          "id": "CWE-1426",
+          "name": "Improper Validation of Generative AI Output",
+          "category": "AI/ML"
+        },
+        {
+          "id": "CWE-200",
+          "name": "Exposure of Sensitive Information to an Unauthorized Actor",
+          "category": "Information Exposure"
+        },
+        {
+          "id": "CWE-22",
+          "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
+          "category": "Path/Resource"
+        },
+        {
+          "id": "CWE-269",
+          "name": "Improper Privilege Management",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-287",
+          "name": "Improper Authentication",
+          "category": "Authentication"
+        },
+        {
+          "id": "CWE-352",
+          "name": "Cross-Site Request Forgery (CSRF)",
+          "category": "Session"
+        },
+        {
+          "id": "CWE-434",
+          "name": "Unrestricted Upload of File with Dangerous Type",
+          "category": "File Handling"
+        },
+        {
+          "id": "CWE-502",
+          "name": "Deserialization of Untrusted Data",
+          "category": "Serialization"
+        },
+        {
+          "id": "CWE-732",
+          "name": "Incorrect Permission Assignment for Critical Resource",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-77",
+          "name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-78",
+          "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-787",
+          "name": "Out-of-bounds Write",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-79",
+          "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-862",
+          "name": "Missing Authorization",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-863",
+          "name": "Incorrect Authorization",
+          "category": "Authorization"
+        },
+        {
+          "id": "CWE-89",
+          "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
+          "category": "Injection"
+        },
+        {
+          "id": "CWE-918",
+          "name": "Server-Side Request Forgery (SSRF)",
+          "category": "Network"
+        },
+        {
+          "id": "CWE-94",
+          "name": "Improper Control of Generation of Code (Code Injection)",
+          "category": "Injection"
+        }
+      ],
+      "atlas": [
+        {
+          "id": "AML.T0010",
+          "name": "ML Supply Chain Compromise",
+          "tactic": "Initial Access"
+        },
+        {
+          "id": "AML.T0016",
+          "name": "Obtain Capabilities: Develop Capabilities",
+          "tactic": "Resource Development"
+        },
+        {
+          "id": "AML.T0017",
+          "name": "Discover ML Model Ontology",
+          "tactic": "Discovery"
+        },
+        {
+          "id": "AML.T0018",
+          "name": "Backdoor ML Model",
+          "tactic": "Persistence"
+        },
+        {
+          "id": "AML.T0020",
+          "name": "Poison Training Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0043",
+          "name": "Craft Adversarial Data",
+          "tactic": "ML Attack Staging"
+        },
+        {
+          "id": "AML.T0051",
+          "name": "LLM Prompt Injection",
+          "tactic": "Execution"
+        },
+        {
+          "id": "AML.T0054",
+          "name": "LLM Jailbreak",
+          "tactic": "Defense Evasion"
+        },
+        {
+          "id": "AML.T0096",
+          "name": "AI API as Covert C2 Channel",
+          "tactic": "Command and Control"
+        }
+      ],
+      "d3fend": [
+        {
+          "id": "D3-CA",
+          "name": "Certificate Analysis",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-CSPP",
+          "name": "Client-server Payload Profiling",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-DA",
+          "name": "Domain Analysis",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-IOPR",
+          "name": "Input/Output Profiling Resource",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-NI",
+          "name": "Network Isolation",
+          "tactic": "Isolate"
+        },
+        {
+          "id": "D3-NTA",
+          "name": "Network Traffic Analysis",
+          "tactic": "Detect"
+        },
+        {
+          "id": "D3-NTPM",
+          "name": "Network Traffic Policy Mapping",
+          "tactic": "Model"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "ALL-AI-PIPELINE-INTEGRITY",
+          "framework": "ALL",
+          "control_name": "AI Pipeline Integrity"
+        },
+        {
+          "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
+          "framework": "ALL",
+          "control_name": "Prompt Injection as Access Control Failure"
+        },
+        {
+          "id": "CMMC-2.0-Level-2",
+          "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
+          "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
+        },
+        {
+          "id": "FedRAMP-Rev5-Moderate",
+          "framework": "FedRAMP Rev 5 Moderate",
+          "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.16",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Monitoring activities"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.28",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Secure coding"
+        },
+        {
+          "id": "ISO-IEC-23894-2023-clause-7",
+          "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
+          "control_name": "AI risk management process"
+        },
+        {
+          "id": "ISO-IEC-42001-2023-clause-6.1.2",
+          "framework": "ISO/IEC 42001:2023 (AI Management System)",
+          "control_name": "AI risk assessment"
+        },
+        {
+          "id": "NIST-800-218-SSDF",
+          "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
+          "control_name": "Secure Software Development Framework"
+        },
+        {
+          "id": "NIST-800-53-AC-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Account Management"
+        },
+        {
+          "id": "NIST-800-53-CM-7",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Least Functionality"
+        },
+        {
+          "id": "NIST-800-53-SC-7",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Boundary Protection"
+        },
+        {
+          "id": "NIST-800-53-SI-12",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Information Management and Retention"
+        },
+        {
+          "id": "NIST-800-53-SI-3",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Malicious Code Protection"
+        },
+        {
+          "id": "NIST-AI-RMF-MEASURE-2.5",
+          "framework": "NIST AI RMF 1.0",
+          "control_name": "AI system to human interaction evaluation"
+        },
+        {
+          "id": "OWASP-ASVS-v5.0-V14",
+          "framework": "OWASP ASVS v5.0",
+          "control_name": "Configuration verification"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM01",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Prompt Injection"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM02",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Sensitive Information Disclosure"
+        },
+        {
+          "id": "OWASP-LLM-Top-10-2025-LLM08",
+          "framework": "OWASP Top 10 for LLM Applications 2025",
+          "control_name": "Vector and Embedding Weaknesses"
+        },
+        {
+          "id": "SLSA-v1.0-Build-L3",
+          "framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
+          "control_name": "Hardened build platform with non-falsifiable provenance"
+        },
+        {
+          "id": "SOC2-CC6-logical-access",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Logical and Physical Access Controls"
+        },
+        {
+          "id": "SOC2-CC7-anomaly-detection",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "System Operations — Threat and Vulnerability Management"
+        }
+      ],
+      "attack_refs": [
+        "T1059",
+        "T1068",
+        "T1071",
+        "T1078",
+        "T1102",
+        "T1190",
+        "T1505",
+        "T1565",
+        "T1566",
+        "T1566.001",
+        "T1566.002",
+        "T1566.003",
+        "T1567",
+        "T1568",
+        "T1610",
+        "T1611"
+      ],
+      "rfc_refs": [
+        "RFC-6749",
+        "RFC-7519",
+        "RFC-8032",
+        "RFC-8446",
+        "RFC-8725",
+        "RFC-9000",
+        "RFC-9114",
+        "RFC-9180",
+        "RFC-9421",
+        "RFC-9458",
+        "RFC-9700"
+      ]
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",
@@ -77207,6 +77561,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -77446,6 +77801,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-30615",
       "CVE-2026-30623",
@@ -77657,6 +78013,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -77879,6 +78236,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -78115,6 +78473,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -78466,6 +78825,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22219",
       "CVE-2026-22252",
@@ -79244,6 +79604,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22219",
       "CVE-2026-3059",
@@ -79672,6 +80033,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -80333,6 +80695,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -81350,6 +81713,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -82614,6 +82978,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -83066,6 +83431,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-30615",
       "CVE-2026-30623",
@@ -84064,6 +84430,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -84619,6 +84986,7 @@
       "CVE-2026-21533",
       "CVE-2026-21643",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -85385,6 +85753,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-30615",
       "CVE-2026-30623",
@@ -85690,6 +86059,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-30615",
       "CVE-2026-30623",
@@ -86073,6 +86443,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -86444,6 +86815,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22219",
       "CVE-2026-22252",
@@ -86655,6 +87027,7 @@
       "CVE-2025-68668",
       "CVE-2025-6965",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-30615",
       "CVE-2026-30623",
@@ -87438,6 +87811,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22252",
       "CVE-2026-22688",
@@ -87800,6 +88174,7 @@
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-21858",
+      "CVE-2026-21877",
       "CVE-2026-22218",
       "CVE-2026-22219",
       "CVE-2026-22252",

package/data/atlas-ttps.json

@@ -1795,7 +1795,8 @@
       "CVE-2025-68668",
       "CVE-2024-31462",
       "CVE-2026-3059",
-      "CVE-2026-3060"
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ]
   },
   "AML.T0050": {

package/data/attack-techniques.json

@@ -349,7 +349,8 @@
       "CVE-2025-68668",
       "CVE-2026-21858",
       "CVE-2026-3059",
-      "CVE-2026-3060"
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "description_full": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001). There are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005). Adversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)",
     "platforms": [
@@ -1117,7 +1118,8 @@
       "CVE-2025-68668",
       "CVE-2024-31462",
       "CVE-2026-3059",
-      "CVE-2026-3060"
+      "CVE-2026-3060",
+      "CVE-2026-21877"
     ],
     "description_full": "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Exploited applications are often websites/web servers, but can also include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other system with Internet-accessible open sockets.(Citation: NVD CVE-2016-6662)(Citation: CIS Multiple SMB Vulnerabilities)(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)(Citation: NVD CVE-2014-7169) On ESXi infrastructure, adversaries may exploit exposed OpenSLP services; they may alternatively exploit exposed VMware vCenter servers.(Citation: Recorded Future ESXiArgs Ransomware 2023)(Citation: Ars Technica VMWare Code Execution Vulnerability 2021) Depending on the flaw being exploited, this may also involve [Exploitation for Stealth](https://attack.mitre.org/techniques/T1211) or [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203). If an application is hosted on cloud-based infrastructure and/or is containerized, then exploiting it may lead to compromise of the underlying instance or container. This can allow an adversary a path to access the cloud or container APIs (e.g., via the [Cloud Instance Metadata API](https://attack.mitre.org/techniques/T1552/005)), exploit container host access via [Escape to Host](https://attack.mitre.org/techniques/T1611), or take advantage of weak identity and access management policies. Adversaries may also exploit edge network infrastructure and related appliances, specifically targeting devices that do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar) For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)",
     "platforms": [

package/data/cve-catalog.json

@@ -40479,5 +40479,109 @@
     ],
     "discovery_attribution_note": "Manually curated from NVD CVE-2026-3060 (CWE-502) + the SGLang fix (PR #20904) + the Orca Security writeup. SGLang LLM-serving-framework unauthenticated IPC-deserialization RCE (encoder-parallel disaggregation); reuses the AI-inference IPC deserialization-safety control NEW-CTRL-086.",
     "_kev_short_description": "SGLang's encoder-parallel disaggregation module deserializes untrusted serialized objects from unauthenticated peers, yielding unauth RCE (CWE-502); fixed in 0.5.10."
+  },
+  "CVE-2026-21877": {
+    "name": "n8n Git Node Arbitrary File Write Authenticated RCE",
+    "type": "RCE",
+    "cvss_score": 9.9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "GitHub (CNA) CVSS v3.1 base 9.9 (CRITICAL, scope-changed). n8n's Git node lets an authenticated user write a file of a dangerous type to an arbitrary path, achieving remote code execution and full instance compromise on both self-hosted and Cloud deployments (CWE-434 unrestricted file upload / CWE-94 code injection).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the disclosing GitHub Security Advisory (GHSA-v364-rw7m-3263): an authenticated user abuses the Git node to write a dangerous file that is subsequently executed.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via GitHub Security Advisory GHSA-v364-rw7m-3263 and enriched by NVD. The abused surface is n8n, a widely deployed AI-workflow / automation platform.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; the flaw is an arbitrary-file-write-to-RCE in a workflow builder's Git node.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation, and the CVE is not in CISA KEV (verified against the live catalog). FIRST EPSS percentile is elevated (93rd).",
+    "affected": "n8n >= 0.123.0 and < 1.121.3 (Git node); fixed in 1.121.3 (commit f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6).",
+    "affected_versions": [
+      "n8n >= 0.123.0, < 1.121.3"
+    ],
+    "vector": "n8n's Git node allows an authenticated user to write a file of a dangerous type to an attacker-chosen path; the written file is then executed, yielding remote code execution and full compromise of the n8n instance (self-hosted or Cloud) - CWE-434 unrestricted upload chained to CWE-94 code execution.",
+    "complexity": "low",
+    "complexity_notes": "GitHub v3.1 AV:N / AC:L / PR:L - an authenticated user who can configure the Git node.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading to n8n 1.121.3 or later (commit f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6); redeploy the instance.",
+    "vendor_update_paths": [
+      "Upgrade n8n to 1.121.3 or later. Constrain the Git node so it cannot write files of executable/dangerous types to arbitrary paths, scope workflow-edit permission tightly, and do not expose the editor to untrusted users."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-AC-3": "Access enforcement does not stop an authenticated user from writing an executable file via the Git node.",
+      "NIST-800-53-SI-3": "Malicious-code protection does not stop an arbitrary file write that becomes code execution.",
+      "NIST-800-53-SI-10": "No input validation confines the file type/path the Git node writes (CWE-434).",
+      "ISO-27001-2022-A.8.28": "Secure coding does not constrain the Git node's file writes to safe types/paths.",
+      "NIS2-Art21-network-security": "Article 21 measures do not model a workflow builder's Git node as an arbitrary-file-write-to-RCE surface.",
+      "DORA-Art-9": "ICT protection measures do not model file-write RCE in an AI-workflow platform as an ICT-risk event.",
+      "UK-CAF-B4": "System security objective has no objective for constraining file-writing workflow nodes.",
+      "AU-ISM-1546": "Patch-application control does not single out AI-workflow / automation platforms.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats a workflow builder's file-writing node as a code-execution sink requiring type/path constraint."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "High (RWEP 29, \"patch promptly\" band per lib/scoring.js). Not KEV (verified), no confirmed in-the-wild exploitation, patched at 1.121.3 (Hard Rule #3): poc_available=20 + blast_radius=24 (authenticated file-write-to-RCE with full compromise across self-hosted + Cloud, elevated EPSS), minus patch_available 15.",
+    "epss_score": 0.10735,
+    "epss_date": "2026-05-26",
+    "epss_note": "FIRST EPSS 0.10735 (93rd percentile) as of 2026-05-26.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-21877",
+    "cwe_refs": [
+      "CWE-434",
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "n8n Git node configurations that write files with executable/dangerous extensions to paths outside the intended working tree.",
+        "Process execution by the n8n process originating from a file written via the Git node.",
+        "n8n >= 0.123.0 and < 1.121.3 with the Git node available to workflow editors - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to GitHub Security Advisory GHSA-v364-rw7m-3263 and NVD CVE-2026-21877 (CWE-434 / CWE-94)."
+    },
+    "source_verified": "2026-05-26",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-21877",
+      "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-v364-rw7m-3263",
+        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-21877",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21877",
+        "severity": "critical",
+        "published_date": "2026-01-08"
+      }
+    ],
+    "last_updated": "2026-05-26",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-21877 (CWE-434 / CWE-94) + GitHub Security Advisory GHSA-v364-rw7m-3263 (CNA, CVSS v3.1 9.9). n8n Git-node arbitrary-file-write-to-RCE; reuses the AI-app-builder execution-endpoint auth-and-sandbox control NEW-CTRL-103 (shared with the n8n code-node escape, Dify code-node, and Langflow/Flowise RCEs).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "n8n's Git node lets an authenticated user write a dangerous file to an arbitrary path for RCE and full instance compromise (CWE-434/CWE-94); fixed in 1.121.3."
   }
 }