@blamejs/exceptd-skills 0.13.71 → 0.13.73

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.73 — 2026-05-25
+
+CVE catalog — MCP toolchain: adds **CVE-2025-49596**, the remote code execution in Anthropic's official MCP Inspector. The Inspector client and proxy have no authentication between them, so an unauthenticated request that reaches the browser-reachable proxy (loopback / 0.0.0.0) launches MCP commands over stdio — a malicious web page a developer visits drives it cross-origin (the 0.0.0.0-day / DNS-rebinding class), yielding RCE on the developer's machine. CWE-306; GitHub CNA CVSS v4.0 9.4 (NVD has not assessed v3.1; the catalog records a conservative v3.1 estimate of 8.3); fixed in `@modelcontextprotocol/inspector` 0.14.1. The framework-gap notes name the real exposure: MCP — the connective tissue of the agent ecosystem — concentrates RCE risk in its toolchain, which sits outside the managed vulnerability program on developer workstations. RWEP P3 (30): not KEV, no confirmed in-the-wild exploitation, patched at disclosure. CWE-306/352/346 + ATT&CK T1190/T1059, global-first framework gaps, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-081) requires locally-bound AI/MCP dev services to authenticate and origin-validate rather than trust loopback reachability. CVE count 322 → 323.
+
+## 0.13.72 — 2026-05-25
+
+CVE catalog — AI-framework threat intel: adds **CVE-2026-25592**, the Microsoft Semantic Kernel prompt-injection-to-RCE (CVSS 9.9 critical; Microsoft-disclosed 2026-05-07; fixed in Microsoft.SemanticKernel.Plugins.Core 1.71.0). A path traversal (CWE-22) in the `SessionsPythonPlugin` allows arbitrary file write; because the plugin runs inside a tool-wired agent, an injected prompt (ATLAS AML.T0051) drives the write to host code execution — a single prompt was shown launching calc.exe on the agent host. This is the catalog's core thesis made concrete: once an agent can reach a file-writing or code-running tool, prompt injection is a remote-code-execution primitive, not a content-safety nuisance. The RWEP score is deliberately P3 (30) despite the 9.9 CVSS — it is not KEV-listed, has no confirmed in-the-wild exploitation, and shipped with a patch (Hard Rule #3: real-world-exploit priority over CVSS). The entry carries CWE-22/94 + ATLAS AML.T0051 + ATT&CK T1059/T1203 mappings, global-first framework gaps including the prompt-injection access-control gap, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-080) requires sandboxing the AI agent's tool-execution boundary. CVE count 321 → 322.
+
 ## 0.13.71 — 2026-05-25
 
 CVE catalog currency: closes the last of the 2026-05-20 CISA KEV batch by adding the five legacy CVEs CISA re-listed for renewed exploitation against unpatched / end-of-life systems — CVE-2008-4250 (Windows Server-service RPC RCE, MS08-067 / Conficker), CVE-2009-1537 (DirectShow QuickTime parsing RCE), CVE-2009-3459 (Adobe Acrobat/Reader heap overflow), CVE-2010-0249 (Internet Explorer use-after-free, Operation Aurora), and CVE-2010-0806 (Internet Explorer iepeers use-after-free). Each is KEV-listed 2026-05-20, due 2026-06-03, with patches long available — the re-listing is a legacy-exploitation-resurgence signal, and the framework-gap notes call out that the real exposure is the patch-deployment gap on assets that have fallen out of the managed vulnerability program. Added as enrichment-pending drafts (RWEP P1 70, CWE + ATT&CK mappings, reverse references propagated) matching the catalog's auto-imported KEV-intake convention. With these, the catalog is current to the latest published CISA KEV as of today. CVE count 316 → 321.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-25T12:26:27.873Z",
+  "generated_at": "2026-05-25T13:30:00.326Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "4d256554216769625ae78dd8f5ed476b5ac909c507baf4e309ae2f5bb62c73f3",
-    "data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
-    "data/attack-techniques.json": "812c7c826116ab5def0a0fbb66a33bf9cf35987fc48885883e73f8937bff013f",
-    "data/cve-catalog.json": "de2d3a5ecc39d4f7be972712d948f0f04e9cdfe4d128b17ac2d21d022b1e71f8",
-    "data/cwe-catalog.json": "997d078443ede73715724bf4c31592699ea9171a5e1441fb898d17c065f9359a",
+    "manifest.json": "20fd726ecbe98bda6e3d898f27b0d6bc1b93c9d083c1029af01b5c328d980c3a",
+    "data/atlas-ttps.json": "eb47b6ad6b38e9a785a36769897adc8987fbc27a4b0b77ea4bed9c6d2aba0f3c",
+    "data/attack-techniques.json": "7ab814c8fefab193b9a42ec7f9b62148401824cb127d62bd5a326660837a0e29",
+    "data/cve-catalog.json": "16e879393e25197612d4b349b69ce6862e5230f50b7cba263bc19ed3de5dbe50",
+    "data/cwe-catalog.json": "a90fcc2780afa8a3dbec6faed95aec7021bb6cf270136fdc3867030f5dedb38a",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "beda5f3950b07a3f1a8f1591fe42d237977caa8dae3389eb2e4b16abfe0bd3b9",
+    "data/framework-control-gaps.json": "4d6c6c85503e0565a0ed7c0dbf665861ba799251f569ba879c20741e0f1afc83",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "a8283ec189cc26bab26ae942529cbce3c0fa9bea853eb8bf06a5a38e26bab41c",
+    "data/zeroday-lessons.json": "ac2ac160bfc823b2657e40e3996ca469ff214d1f91d38512b4d297e5c35eedb0",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 310,
+    "chains_cve_entries": 312,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 321
+      "entry_count": 323
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 316
+      "entry_count": 318
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 321,
+      "entry_count": 323,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 316,
+      "entry_count": 318,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",