@blamejs/exceptd-skills 0.13.70 → 0.13.72

package/data/atlas-ttps.json

@@ -541,6 +541,7 @@
       "CVE-2025-53773",
       "CVE-2025-55319",
       "CVE-2025-68664",
+      "CVE-2026-25592",
       "CVE-2026-30615",
       "CVE-2026-39884",
       "CVE-2026-39987"

package/data/attack-techniques.json

@@ -276,6 +276,7 @@
       "CVE-2025-55319",
       "CVE-2025-68664",
       "CVE-2026-22778",
+      "CVE-2026-25592",
       "CVE-2026-30615",
       "CVE-2026-30623",
       "CVE-2026-32202",
@@ -1080,6 +1081,10 @@
     "name": "Exploitation for Client Execution",
     "version": "v19",
     "cve_refs": [
+      "CVE-2009-1537",
+      "CVE-2009-3459",
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2014-3931",
       "CVE-2018-14634",
       "CVE-2020-9715",
@@ -1100,6 +1105,7 @@
       "CVE-2025-4919",
       "CVE-2026-21385",
       "CVE-2026-2441",
+      "CVE-2026-25592",
       "CVE-2026-5281",
       "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP"
     ],
@@ -4249,7 +4255,10 @@
       "ESXi"
     ],
     "stix_id": "attack-pattern--9db0cf3a-a3c9-4012-8268-123b9db6fd82",
-    "is_subtechnique": false
+    "is_subtechnique": false,
+    "cve_refs": [
+      "CVE-2008-4250"
+    ]
   },
   "T1211": {
     "id": "T1211",

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.038,
+      "current_rate": 0.037,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -9475,6 +9475,123 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Langflow contains an origin validation error vulnerability that could allow account takeover and remote code execution."
   },
+  "CVE-2026-25592": {
+    "name": "Microsoft Semantic Kernel SessionsPythonPlugin Path Traversal — Prompt-Injection to Host RCE",
+    "type": "RCE",
+    "cvss_score": 9.9,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.9 (CRITICAL), Scope:Changed. The high score reflects worst-case impact; the RWEP score is intentionally lower (Hard Rule #3) because there is no confirmed in-the-wild exploitation or KEV listing and a patch shipped at disclosure.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Microsoft published the technique and a working demonstration (a single injected prompt launching calc.exe on the agent host) in the 'Prompts become shells' Security Blog (2026-05-07); GitHub advisory GHSA-2ww3-72rp-wpp4. No standalone public exploit repository, but the chain is fully documented.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Discovered and disclosed by Microsoft (MSRC). Not AI-discovered, but the vulnerability class IS AI-native: the exploitation primitive is LLM prompt injection (ATLAS AML.T0051), turning an agent's tool-use boundary into a code-execution boundary.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Exploit is delivered as an injected prompt to the agent; no separate AI-assisted tooling required to weaponize.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Research disclosure with a coordinated patch (1.71.0); no in-the-wild exploitation reported as of curation. The public, documented prompt-injection-to-RCE technique elevates the watch posture — RWEP would jump on any observed exploitation.",
+    "affected": "Microsoft Semantic Kernel — the SessionsPythonPlugin, shipped in the NuGet package Microsoft.SemanticKernel.Plugins.Core (< 1.71.0) and the PyPI package semantic-kernel (< 1.39.3), per GHSA-2ww3-72rp-wpp4.",
+    "affected_versions": [
+      "Microsoft.SemanticKernel.Plugins.Core (NuGet) < 1.71.0",
+      "semantic-kernel (PyPI) < 1.39.3"
+    ],
+    "vector": "The SessionsPythonPlugin in Semantic Kernel's .NET SDK is vulnerable to path traversal (CWE-22), allowing arbitrary file write. Because the plugin executes within an agent wired to tools, an attacker-controlled prompt (indirect or direct LLM prompt injection, AML.T0051) can drive the file write to a location that yields host code execution — escaping the intended Python sandbox. A single injected prompt was shown launching calc.exe on the agent host: prompt injection becomes a remote-code-execution primitive once the model can reach tools.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L. The precondition is that untrusted content reaches the agent's prompt (the normal operating mode for RAG / tool-using agents); no memory-corruption or browser bug needed.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a dependency upgrade to Microsoft.SemanticKernel.Plugins.Core 1.71.0 or later; application rebuild/redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "NuGet: upgrade Microsoft.SemanticKernel.Plugins.Core to 1.71.0 or later.",
+      "PyPI: upgrade semantic-kernel to 1.39.3 or later.",
+      "Until patched: disable or sandbox the SessionsPythonPlugin and treat any tool that performs file writes as a code-execution boundary reachable by prompt injection."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track AI-agent-framework SDK dependencies (NuGet/PyPI) with the urgency a prompt-injection-to-RCE warrants; the SDK is often outside the OS/patch-management inventory.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the AI-agent framework and its tool plugins as in-scope assets whose flaws are RCE-bearing.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not specifically reach the agent framework's tool-execution sandbox as a control plane.",
+      "DORA-Art-9": "ICT protection measures do not treat the AI agent's tool boundary as an attacker-reachable code-execution surface via prompt injection.",
+      "UK-CAF-B4": "System Security objective has no objective for sandboxing/auditing the code-execution plugins an AI agent can invoke.",
+      "AU-ISM-1546": "Patch-application control is product-agnostic and does not single out AI-agent SDK dependencies.",
+      "ALL-PROMPT-INJECTION-ACCESS-CONTROL": "No compliance framework treats LLM prompt injection as an access-control / code-execution primitive: once an agent can reach a tool that writes files or runs code, injected content crosses from a content-safety problem to host RCE, and no framework requires the tool boundary to be hardened against it."
+    },
+    "atlas_refs": [
+      "AML.T0051"
+    ],
+    "attack_refs": [
+      "T1059",
+      "T1203"
+    ],
+    "rwep_score": 30,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 25,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P3 (RWEP 30 per lib/scoring.js) despite CVSS 9.9 — the gap is deliberate (Hard Rule #3, real-world-exploit priority): not KEV-listed, no confirmed in-the-wild exploitation, patch available at disclosure. poc_available=20 (documented working technique) + blast_radius=25 (Semantic Kernel is a widely-used .NET agent SDK) − patch 15. The score escalates immediately on any observed exploitation; the prompt-injection-to-RCE chain is the class to watch.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-25592",
+    "cwe_refs": [
+      "CWE-22",
+      "CWE-94"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Semantic Kernel SessionsPythonPlugin performing a file write whose resolved path escapes the intended session/sandbox directory (path-traversal sequences in plugin file operations).",
+        "An AI-agent process built on Semantic Kernel spawning unexpected child processes (e.g. a shell, interpreter, or calc.exe-style binary) shortly after handling untrusted/retrieved content.",
+        "Agent tool-invocation logs showing a file-write or code-execution tool called as a downstream effect of injected/retrieved content rather than an operator request.",
+        "Deployed Microsoft.SemanticKernel.Plugins.Core dependency below 1.71.0 — the exposed precondition."
+      ],
+      "supply_chain_entry_vectors": [
+        "Untrusted content reaching the agent's prompt context — retrieved documents (RAG), tool outputs, web content, or user input — is the injection entry point; no direct attacker authentication to the host is required."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-25592 (CWE-22 path traversal / arbitrary file write in SessionsPythonPlugin) and the Microsoft 'Prompts become shells' Security Blog (2026-05-07) describing the prompt-injection-to-host-RCE chain and calc.exe demonstration."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-25592",
+      "https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/",
+      "https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Microsoft (MSRC)",
+        "advisory_id": "CVE-2026-25592",
+        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25592",
+        "severity": "critical",
+        "published_date": "2026-05-07"
+      },
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-2ww3-72rp-wpp4",
+        "url": "https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4",
+        "severity": "critical",
+        "published_date": "2026-05-07"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-25592",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25592",
+        "severity": "critical",
+        "published_date": "2026-05-07"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CVSS 9.9, CWE-22) + Microsoft 'Prompts become shells' Security Blog (2026-05-07) + GHSA-2ww3-72rp-wpp4. Arbitrary file write via path traversal in the SessionsPythonPlugin, exploitable through LLM prompt injection (AML.T0051) to achieve host RCE. Non-KEV research disclosure; fixed in Microsoft.SemanticKernel.Plugins.Core 1.71.0.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Microsoft Semantic Kernel SessionsPythonPlugin path traversal enabling arbitrary file write and, via prompt injection, host remote code execution."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",
@@ -9810,6 +9927,411 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Microsoft Defender contains an uncontrolled-resource-consumption flaw allowing a remote, unauthenticated denial of service that disables endpoint protection."
   },
+  "CVE-2008-4250": {
+    "name": "Microsoft Windows Server Service RPC Buffer Overflow (MS08-067)",
+    "type": "RCE",
+    "cvss_score": 9.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV on 2026-05-20 (CVSSv2 was 10.0). Refine via `exceptd refresh --advisory CVE-2008-4250 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Long-public, weaponized RCE (Metasploit ms08_067_netapi; the Conficker worm and later Stuxnet used it). Re-listed to KEV for renewed exploitation against unpatched / legacy Windows hosts.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2008); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization (worm/exploit-kit era); not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation, typically against unpatched / end-of-life Windows in OT and legacy enterprise environments.",
+    "affected": "Microsoft Windows (Server service) — legacy supported builds of the MS08-067 era; see Microsoft MS08-067 for affected versions.",
+    "affected_versions": [
+      "Microsoft Windows 2000 / XP / Server 2003 / Vista / Server 2008 (per MS08-067)"
+    ],
+    "vector": "A crafted RPC request to the Windows Server service triggers a buffer overflow allowing unauthenticated remote code execution — wormable. The canonical legacy network RCE.",
+    "complexity": "low",
+    "complexity_notes": "Unauthenticated, network-reachable, reliable public exploit. The patch has existed since 2008; exposure is purely unpatched / legacy systems.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS08-067 (2008); requires reboot. No live-patch primitive.",
+    "vendor_update_paths": [
+      "Apply MS08-067; decommission or isolate any remaining unpatched / end-of-life Windows hosts."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "An 18-year-old patched CVE re-appearing on KEV exposes the gap between 'patch released' and 'patch deployed' across legacy/OT estates; SI-2's flaw-remediation SLA assumes assets are in the managed patch program at all.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely covers end-of-life assets that no longer receive routine scanning; a KEV re-listing of a legacy RCE is the signal that those assets are being hunted.",
+      "NIST-800-53-AC-6": "Least-privilege presumes a working boundary; an unauthenticated wormable RCE on a reachable legacy host has none."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1210"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed, weaponized, confirmed exploitation. blast_radius=15 reflects that exposure is constrained to unpatched / legacy estates rather than the full modern Windows population. Draft (KEV-gap-fill) pending per-CVE enrichment.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2008-4250",
+    "cwe_refs": [
+      "CWE-119"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2008-4250"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2008-4250",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20 (renewed exploitation against unpatched / legacy Windows). Draft pending enrichment; postdates the v0.13.17 bulk intake (KEV catalog 2026.05.15).",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Windows Server service contains a buffer overflow allowing unauthenticated wormable remote code execution (MS08-067)."
+  },
+  "CVE-2009-1537": {
+    "name": "Microsoft DirectShow QuickTime Parsing Memory Corruption",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2009-1537 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public client-side exploit (malicious media file) from the MS09-028 era; re-listed for renewed exploitation on legacy systems.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2009); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy systems.",
+    "affected": "Microsoft DirectX / DirectShow (QuickTime content parsing) on legacy Windows — see MS09-028.",
+    "affected_versions": [
+      "Microsoft Windows 2000 / XP / Server 2003 DirectX (per MS09-028)"
+    ],
+    "vector": "Parsing a maliciously crafted QuickTime media file in Microsoft DirectShow corrupts memory (NULL-byte overwrite class), allowing remote code execution when a user opens the file.",
+    "complexity": "low",
+    "complexity_notes": "Client-side: requires the victim to open crafted media. Public exploit; patch since 2009.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS09-028 (2009); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS09-028; decommission or isolate unpatched / end-of-life Windows hosts."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy patched client-side RCE exposes the patch-deployment gap on legacy endpoints.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely scans end-of-life client systems where this remains exploitable.",
+      "NIST-800-53-AC-6": "Client-side RCE runs with the victim user's privileges; least-privilege limits but does not prevent it."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2009-1537",
+    "cwe_refs": [
+      "CWE-787"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2009-1537"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2009-1537",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft DirectShow QuickTime parsing memory corruption allowing remote code execution via a crafted media file."
+  },
+  "CVE-2009-3459": {
+    "name": "Adobe Acrobat and Reader Heap-Based Buffer Overflow",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2009-3459 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public client-side exploit (malicious PDF) from the 2009 Adobe Acrobat/Reader era; re-listed for renewed exploitation on unpatched readers.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2009); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against unpatched Acrobat/Reader installs.",
+    "affected": "Adobe Acrobat and Reader (2009-era versions) — see Adobe APSB09-15.",
+    "affected_versions": [
+      "Adobe Acrobat / Reader 9.x and earlier (per APSB09-15)"
+    ],
+    "vector": "A crafted PDF triggers a heap-based buffer overflow in Adobe Acrobat/Reader, allowing remote code execution when the document is opened.",
+    "complexity": "low",
+    "complexity_notes": "Client-side: requires opening a malicious PDF. Public exploit; patch since 2009.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Adobe patch APSB09-15 (2009); application update.",
+    "vendor_update_paths": [
+      "Update Adobe Acrobat / Reader to a supported version; remove end-of-life installs."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy document-handler RCE exposes the patch-deployment gap for client applications on unmanaged endpoints.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management often omits third-party desktop apps (PDF readers) on legacy endpoints.",
+      "NIST-800-53-AC-6": "Document-handler RCE runs with the opening user's privileges."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2009-3459",
+    "cwe_refs": [
+      "CWE-122"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2009-3459"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2009-3459",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Adobe Acrobat and Reader heap-based buffer overflow allowing remote code execution via a crafted PDF."
+  },
+  "CVE-2010-0249": {
+    "name": "Microsoft Internet Explorer Use-After-Free (Operation Aurora)",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. The Operation Aurora IE 0-day (2010). Refine via `exceptd refresh --advisory CVE-2010-0249 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public, weaponized (Metasploit ie_aurora) — the original Operation Aurora intrusion set used it against Google and others in 2010. Re-listed for renewed exploitation against legacy IE.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2010); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy nation-state weaponization (Aurora); not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy Internet Explorer installs.",
+    "affected": "Microsoft Internet Explorer 6/7/8 (per MS10-002).",
+    "affected_versions": [
+      "Microsoft Internet Explorer 6 / 7 / 8 (per MS10-002)"
+    ],
+    "vector": "A use-after-free in Internet Explorer's HTML rendering allows remote code execution when the victim visits a crafted page — the technique used in the 2010 Operation Aurora campaign.",
+    "complexity": "low",
+    "complexity_notes": "Client-side drive-by: visiting a crafted page. Public weaponized exploit; patch since 2010.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS10-002 (2010); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS10-002; decommission legacy Internet Explorer / end-of-life Windows."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of the Aurora IE 0-day exposes the gap for legacy browsers still reachable in OT / kiosk / legacy estates.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely tracks end-of-life browsers that remain in use on legacy systems.",
+      "NIST-800-53-AC-6": "Browser RCE runs with the victim user's privileges; an Aurora-class chain then pivots."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed, historically nation-state-weaponized (Aurora) client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2010-0249",
+    "cwe_refs": [
+      "CWE-416"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2010-0249"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2010-0249",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE (Operation Aurora) re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Internet Explorer use-after-free allowing remote code execution via a crafted web page (Operation Aurora)."
+  },
+  "CVE-2010-0806": {
+    "name": "Microsoft Internet Explorer Use-After-Free (iepeers)",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "Operator estimate for a legacy CVE re-listed to CISA KEV 2026-05-20. Refine via `exceptd refresh --advisory CVE-2010-0806 --apply`.",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-20",
+    "cisa_kev_due_date": "2026-06-03",
+    "poc_available": true,
+    "poc_description": "Public, weaponized (Metasploit ie_iepeers_pointer) — exploited in the wild in 2010. Re-listed for renewed exploitation against legacy IE.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Legacy CVE (2010); no AI-discovery provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "Legacy weaponization; not AI-assisted.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA KEV re-listing 2026-05-20 attests renewed active exploitation against legacy Internet Explorer installs.",
+    "affected": "Microsoft Internet Explorer 6/7 (per MS10-018).",
+    "affected_versions": [
+      "Microsoft Internet Explorer 6 / 7 (per MS10-018)"
+    ],
+    "vector": "A use-after-free in Internet Explorer's iepeers.dll allows remote code execution when the victim visits a crafted page.",
+    "complexity": "low",
+    "complexity_notes": "Client-side drive-by. Public weaponized exploit; patch since 2010.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Microsoft patch MS10-018 (2010); requires reboot.",
+    "vendor_update_paths": [
+      "Apply MS10-018; decommission legacy Internet Explorer / end-of-life Windows."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Re-listing of a legacy IE 0-day exposes the patch-deployment gap for end-of-life browsers in legacy estates.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely tracks end-of-life browsers still in use.",
+      "NIST-800-53-AC-6": "Browser RCE runs with the victim user's privileges."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1203"
+    ],
+    "rwep_score": 70,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 15,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "rwep_notes": "P1 — KEV-listed legacy client-side RCE; blast_radius=15 (legacy-constrained). Draft (KEV-gap-fill).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this KEV-gap-fill draft.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2010-0806",
+    "cwe_refs": [
+      "CWE-416"
+    ],
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://nvd.nist.gov/vuln/detail/CVE-2010-0806"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2010-0806",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manual KEV-gap-fill: legacy CVE re-listed to CISA KEV 2026-05-20. Draft pending enrichment.",
+    "_auto_imported": true,
+    "_intake_method": "manual-kev-gap-fill-2026-05-20",
+    "_kev_short_description": "Microsoft Internet Explorer iepeers.dll use-after-free allowing remote code execution via a crafted web page."
+  },
   "CVE-2025-32432": {
     "name": "Craft CMS Code Injection Vulnerability",
     "type": "RCE",

package/data/cwe-catalog.json

@@ -102,6 +102,7 @@
       "CVE-2025-4632",
       "CVE-2025-6218",
       "CVE-2025-8110",
+      "CVE-2026-25592",
       "CVE-2026-34926"
     ],
     "framework_controls_partially_addressing": [
@@ -368,6 +369,7 @@
       "CVE-2026-1281",
       "CVE-2026-1340",
       "CVE-2026-20045",
+      "CVE-2026-25592",
       "CVE-2026-30615",
       "CVE-2026-33017",
       "CVE-2026-34197",
@@ -1131,6 +1133,8 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2010-0249",
+      "CVE-2010-0806",
       "CVE-2020-9715",
       "CVE-2023-41974",
       "CVE-2023-43000",
@@ -1554,6 +1558,7 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2009-1537",
       "CVE-2021-22555",
       "CVE-2023-3519",
       "CVE-2024-21762",
@@ -2210,6 +2215,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2008-4250",
       "CVE-2014-3931",
       "CVE-2025-14174",
       "CVE-2025-31277",
@@ -2716,6 +2722,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2009-3459",
       "CVE-2025-32706",
       "CVE-2026-22778"
     ],