@blamejs/exceptd-skills 0.13.74 → 0.13.76

@@ -17335,6 +17335,2540 @@
17335
17335
  ]
17336
17336
  }
17337
17337
  },
17338
+ "CVE-2026-22252": {
17339
+ "name": "LibreChat MCP stdio Transport — Authenticated Arbitrary Command Execution as Root",
17340
+ "rwep": 30,
17341
+ "cvss": 9.9,
17342
+ "cisa_kev": false,
17343
+ "epss_score": null,
17344
+ "referencing_skills": [
17345
+ "kernel-lpe-triage",
17346
+ "ai-attack-surface",
17347
+ "compliance-theater",
17348
+ "attack-surface-pentest",
17349
+ "ot-ics-security",
17350
+ "coordinated-vuln-disclosure",
17351
+ "sector-energy"
17352
+ ],
17353
+ "chain": {
17354
+ "cwes": [
17355
+ {
17356
+ "id": "CWE-1037",
17357
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
17358
+ "category": "Hardware / Side Channel"
17359
+ },
17360
+ {
17361
+ "id": "CWE-1039",
17362
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
17363
+ "category": "AI/ML"
17364
+ },
17365
+ {
17366
+ "id": "CWE-125",
17367
+ "name": "Out-of-bounds Read",
17368
+ "category": "Memory Safety"
17369
+ },
17370
+ {
17371
+ "id": "CWE-1357",
17372
+ "name": "Reliance on Insufficiently Trustworthy Component",
17373
+ "category": "Supply Chain"
17374
+ },
17375
+ {
17376
+ "id": "CWE-1395",
17377
+ "name": "Dependency on Vulnerable Third-Party Component",
17378
+ "category": "Supply Chain"
17379
+ },
17380
+ {
17381
+ "id": "CWE-1426",
17382
+ "name": "Improper Validation of Generative AI Output",
17383
+ "category": "AI/ML"
17384
+ },
17385
+ {
17386
+ "id": "CWE-22",
17387
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
17388
+ "category": "Path/Resource"
17389
+ },
17390
+ {
17391
+ "id": "CWE-269",
17392
+ "name": "Improper Privilege Management",
17393
+ "category": "Authorization"
17394
+ },
17395
+ {
17396
+ "id": "CWE-287",
17397
+ "name": "Improper Authentication",
17398
+ "category": "Authentication"
17399
+ },
17400
+ {
17401
+ "id": "CWE-306",
17402
+ "name": "Missing Authentication for Critical Function",
17403
+ "category": "Authentication"
17404
+ },
17405
+ {
17406
+ "id": "CWE-352",
17407
+ "name": "Cross-Site Request Forgery (CSRF)",
17408
+ "category": "Session"
17409
+ },
17410
+ {
17411
+ "id": "CWE-362",
17412
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
17413
+ "category": "Concurrency"
17414
+ },
17415
+ {
17416
+ "id": "CWE-416",
17417
+ "name": "Use After Free",
17418
+ "category": "Memory Safety"
17419
+ },
17420
+ {
17421
+ "id": "CWE-434",
17422
+ "name": "Unrestricted Upload of File with Dangerous Type",
17423
+ "category": "File Handling"
17424
+ },
17425
+ {
17426
+ "id": "CWE-672",
17427
+ "name": "Operation on a Resource after Expiration or Release",
17428
+ "category": "Memory Safety"
17429
+ },
17430
+ {
17431
+ "id": "CWE-732",
17432
+ "name": "Incorrect Permission Assignment for Critical Resource",
17433
+ "category": "Authorization"
17434
+ },
17435
+ {
17436
+ "id": "CWE-78",
17437
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
17438
+ "category": "Injection"
17439
+ },
17440
+ {
17441
+ "id": "CWE-787",
17442
+ "name": "Out-of-bounds Write",
17443
+ "category": "Memory Safety"
17444
+ },
17445
+ {
17446
+ "id": "CWE-79",
17447
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
17448
+ "category": "Injection"
17449
+ },
17450
+ {
17451
+ "id": "CWE-798",
17452
+ "name": "Use of Hard-coded Credentials",
17453
+ "category": "Credentials"
17454
+ },
17455
+ {
17456
+ "id": "CWE-89",
17457
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
17458
+ "category": "Injection"
17459
+ },
17460
+ {
17461
+ "id": "CWE-918",
17462
+ "name": "Server-Side Request Forgery (SSRF)",
17463
+ "category": "Network"
17464
+ },
17465
+ {
17466
+ "id": "CWE-94",
17467
+ "name": "Improper Control of Generation of Code (Code Injection)",
17468
+ "category": "Injection"
17469
+ }
17470
+ ],
17471
+ "atlas": [
17472
+ {
17473
+ "id": "AML.T0010",
17474
+ "name": "ML Supply Chain Compromise",
17475
+ "tactic": "Initial Access"
17476
+ },
17477
+ {
17478
+ "id": "AML.T0016",
17479
+ "name": "Obtain Capabilities: Develop Capabilities",
17480
+ "tactic": "Resource Development"
17481
+ },
17482
+ {
17483
+ "id": "AML.T0017",
17484
+ "name": "Discover ML Model Ontology",
17485
+ "tactic": "Discovery"
17486
+ },
17487
+ {
17488
+ "id": "AML.T0018",
17489
+ "name": "Backdoor ML Model",
17490
+ "tactic": "Persistence"
17491
+ },
17492
+ {
17493
+ "id": "AML.T0020",
17494
+ "name": "Poison Training Data",
17495
+ "tactic": "ML Attack Staging"
17496
+ },
17497
+ {
17498
+ "id": "AML.T0043",
17499
+ "name": "Craft Adversarial Data",
17500
+ "tactic": "ML Attack Staging"
17501
+ },
17502
+ {
17503
+ "id": "AML.T0051",
17504
+ "name": "LLM Prompt Injection",
17505
+ "tactic": "Execution"
17506
+ },
17507
+ {
17508
+ "id": "AML.T0054",
17509
+ "name": "LLM Jailbreak",
17510
+ "tactic": "Defense Evasion"
17511
+ },
17512
+ {
17513
+ "id": "AML.T0096",
17514
+ "name": "AI API as Covert C2 Channel",
17515
+ "tactic": "Command and Control"
17516
+ }
17517
+ ],
17518
+ "d3fend": [
17519
+ {
17520
+ "id": "D3-ASLR",
17521
+ "name": "Address Space Layout Randomization",
17522
+ "tactic": "Harden"
17523
+ },
17524
+ {
17525
+ "id": "D3-CSPP",
17526
+ "name": "Client-server Payload Profiling",
17527
+ "tactic": "Detect"
17528
+ },
17529
+ {
17530
+ "id": "D3-EAL",
17531
+ "name": "Executable Allowlisting",
17532
+ "tactic": "Harden"
17533
+ },
17534
+ {
17535
+ "id": "D3-IOPR",
17536
+ "name": "Input/Output Profiling Resource",
17537
+ "tactic": "Detect"
17538
+ },
17539
+ {
17540
+ "id": "D3-NTA",
17541
+ "name": "Network Traffic Analysis",
17542
+ "tactic": "Detect"
17543
+ },
17544
+ {
17545
+ "id": "D3-PHRA",
17546
+ "name": "Process Hardware Resource Access",
17547
+ "tactic": "Isolate"
17548
+ },
17549
+ {
17550
+ "id": "D3-PSEP",
17551
+ "name": "Process Segment Execution Prevention",
17552
+ "tactic": "Harden"
17553
+ }
17554
+ ],
17555
+ "framework_gaps": [
17556
+ {
17557
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
17558
+ "framework": "ALL",
17559
+ "control_name": "AI Pipeline Integrity"
17560
+ },
17561
+ {
17562
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
17563
+ "framework": "ALL",
17564
+ "control_name": "Prompt Injection as Access Control Failure"
17565
+ },
17566
+ {
17567
+ "id": "CIS-Controls-v8-Control7",
17568
+ "framework": "CIS Controls v8",
17569
+ "control_name": "Continuous Vulnerability Management"
17570
+ },
17571
+ {
17572
+ "id": "CMMC-2.0-Level-2",
17573
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
17574
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
17575
+ },
17576
+ {
17577
+ "id": "FedRAMP-Rev5-Moderate",
17578
+ "framework": "FedRAMP Rev 5 Moderate",
17579
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
17580
+ },
17581
+ {
17582
+ "id": "IEC-62443-3-3",
17583
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
17584
+ "control_name": "System security requirements and security levels"
17585
+ },
17586
+ {
17587
+ "id": "ISO-27001-2022-A.8.28",
17588
+ "framework": "ISO/IEC 27001:2022",
17589
+ "control_name": "Secure coding"
17590
+ },
17591
+ {
17592
+ "id": "ISO-27001-2022-A.8.8",
17593
+ "framework": "ISO/IEC 27001:2022",
17594
+ "control_name": "Management of technical vulnerabilities"
17595
+ },
17596
+ {
17597
+ "id": "ISO-IEC-23894-2023-clause-7",
17598
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
17599
+ "control_name": "AI risk management process"
17600
+ },
17601
+ {
17602
+ "id": "NERC-CIP-007-6-R4",
17603
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
17604
+ "control_name": "Security event monitoring"
17605
+ },
17606
+ {
17607
+ "id": "NIS2-Art21-patch-management",
17608
+ "framework": "EU NIS2 Directive",
17609
+ "control_name": "Vulnerability handling and disclosure"
17610
+ },
17611
+ {
17612
+ "id": "NIST-800-115",
17613
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
17614
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
17615
+ },
17616
+ {
17617
+ "id": "NIST-800-218-SSDF",
17618
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
17619
+ "control_name": "Secure Software Development Framework"
17620
+ },
17621
+ {
17622
+ "id": "NIST-800-53-AC-2",
17623
+ "framework": "NIST SP 800-53 Rev 5",
17624
+ "control_name": "Account Management"
17625
+ },
17626
+ {
17627
+ "id": "NIST-800-53-SC-8",
17628
+ "framework": "NIST SP 800-53 Rev 5",
17629
+ "control_name": "Transmission Confidentiality and Integrity"
17630
+ },
17631
+ {
17632
+ "id": "NIST-800-53-SI-2",
17633
+ "framework": "NIST SP 800-53 Rev 5",
17634
+ "control_name": "Flaw Remediation"
17635
+ },
17636
+ {
17637
+ "id": "NIST-800-53-SI-3",
17638
+ "framework": "NIST SP 800-53 Rev 5",
17639
+ "control_name": "Malicious Code Protection"
17640
+ },
17641
+ {
17642
+ "id": "NIST-800-82r3",
17643
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
17644
+ "control_name": "Guide to Operational Technology (OT) Security"
17645
+ },
17646
+ {
17647
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
17648
+ "framework": "OWASP Top 10 for LLM Applications 2025",
17649
+ "control_name": "Prompt Injection"
17650
+ },
17651
+ {
17652
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
17653
+ "framework": "OWASP Top 10 for LLM Applications 2025",
17654
+ "control_name": "Sensitive Information Disclosure"
17655
+ },
17656
+ {
17657
+ "id": "OWASP-Pen-Testing-Guide-v5",
17658
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
17659
+ "control_name": "Web application penetration testing methodology"
17660
+ },
17661
+ {
17662
+ "id": "PCI-DSS-4.0-6.3.3",
17663
+ "framework": "PCI DSS 4.0",
17664
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
17665
+ },
17666
+ {
17667
+ "id": "PTES-Pre-engagement",
17668
+ "framework": "Penetration Testing Execution Standard (PTES)",
17669
+ "control_name": "Pre-engagement Interactions"
17670
+ },
17671
+ {
17672
+ "id": "SOC2-CC6-logical-access",
17673
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
17674
+ "control_name": "Logical and Physical Access Controls"
17675
+ },
17676
+ {
17677
+ "id": "SOC2-CC9-vendor-management",
17678
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
17679
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
17680
+ }
17681
+ ],
17682
+ "attack_refs": [
17683
+ "T0855",
17684
+ "T0883",
17685
+ "T1059",
17686
+ "T1068",
17687
+ "T1078",
17688
+ "T1133",
17689
+ "T1190",
17690
+ "T1548.001",
17691
+ "T1566"
17692
+ ],
17693
+ "rfc_refs": [
17694
+ "RFC-4301",
17695
+ "RFC-4303",
17696
+ "RFC-7296"
17697
+ ]
17698
+ }
17699
+ },
17700
+ "CVE-2026-22688": {
17701
+ "name": "Tencent WeKnora MCP stdio Command Injection",
17702
+ "rwep": 30,
17703
+ "cvss": 8.8,
17704
+ "cisa_kev": false,
17705
+ "epss_score": null,
17706
+ "referencing_skills": [
17707
+ "kernel-lpe-triage",
17708
+ "ai-attack-surface",
17709
+ "compliance-theater",
17710
+ "attack-surface-pentest",
17711
+ "ot-ics-security",
17712
+ "coordinated-vuln-disclosure",
17713
+ "sector-energy"
17714
+ ],
17715
+ "chain": {
17716
+ "cwes": [
17717
+ {
17718
+ "id": "CWE-1037",
17719
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
17720
+ "category": "Hardware / Side Channel"
17721
+ },
17722
+ {
17723
+ "id": "CWE-1039",
17724
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
17725
+ "category": "AI/ML"
17726
+ },
17727
+ {
17728
+ "id": "CWE-125",
17729
+ "name": "Out-of-bounds Read",
17730
+ "category": "Memory Safety"
17731
+ },
17732
+ {
17733
+ "id": "CWE-1357",
17734
+ "name": "Reliance on Insufficiently Trustworthy Component",
17735
+ "category": "Supply Chain"
17736
+ },
17737
+ {
17738
+ "id": "CWE-1395",
17739
+ "name": "Dependency on Vulnerable Third-Party Component",
17740
+ "category": "Supply Chain"
17741
+ },
17742
+ {
17743
+ "id": "CWE-1426",
17744
+ "name": "Improper Validation of Generative AI Output",
17745
+ "category": "AI/ML"
17746
+ },
17747
+ {
17748
+ "id": "CWE-22",
17749
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
17750
+ "category": "Path/Resource"
17751
+ },
17752
+ {
17753
+ "id": "CWE-269",
17754
+ "name": "Improper Privilege Management",
17755
+ "category": "Authorization"
17756
+ },
17757
+ {
17758
+ "id": "CWE-287",
17759
+ "name": "Improper Authentication",
17760
+ "category": "Authentication"
17761
+ },
17762
+ {
17763
+ "id": "CWE-306",
17764
+ "name": "Missing Authentication for Critical Function",
17765
+ "category": "Authentication"
17766
+ },
17767
+ {
17768
+ "id": "CWE-352",
17769
+ "name": "Cross-Site Request Forgery (CSRF)",
17770
+ "category": "Session"
17771
+ },
17772
+ {
17773
+ "id": "CWE-362",
17774
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
17775
+ "category": "Concurrency"
17776
+ },
17777
+ {
17778
+ "id": "CWE-416",
17779
+ "name": "Use After Free",
17780
+ "category": "Memory Safety"
17781
+ },
17782
+ {
17783
+ "id": "CWE-434",
17784
+ "name": "Unrestricted Upload of File with Dangerous Type",
17785
+ "category": "File Handling"
17786
+ },
17787
+ {
17788
+ "id": "CWE-672",
17789
+ "name": "Operation on a Resource after Expiration or Release",
17790
+ "category": "Memory Safety"
17791
+ },
17792
+ {
17793
+ "id": "CWE-732",
17794
+ "name": "Incorrect Permission Assignment for Critical Resource",
17795
+ "category": "Authorization"
17796
+ },
17797
+ {
17798
+ "id": "CWE-78",
17799
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
17800
+ "category": "Injection"
17801
+ },
17802
+ {
17803
+ "id": "CWE-787",
17804
+ "name": "Out-of-bounds Write",
17805
+ "category": "Memory Safety"
17806
+ },
17807
+ {
17808
+ "id": "CWE-79",
17809
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
17810
+ "category": "Injection"
17811
+ },
17812
+ {
17813
+ "id": "CWE-798",
17814
+ "name": "Use of Hard-coded Credentials",
17815
+ "category": "Credentials"
17816
+ },
17817
+ {
17818
+ "id": "CWE-89",
17819
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
17820
+ "category": "Injection"
17821
+ },
17822
+ {
17823
+ "id": "CWE-918",
17824
+ "name": "Server-Side Request Forgery (SSRF)",
17825
+ "category": "Network"
17826
+ },
17827
+ {
17828
+ "id": "CWE-94",
17829
+ "name": "Improper Control of Generation of Code (Code Injection)",
17830
+ "category": "Injection"
17831
+ }
17832
+ ],
17833
+ "atlas": [
17834
+ {
17835
+ "id": "AML.T0010",
17836
+ "name": "ML Supply Chain Compromise",
17837
+ "tactic": "Initial Access"
17838
+ },
17839
+ {
17840
+ "id": "AML.T0016",
17841
+ "name": "Obtain Capabilities: Develop Capabilities",
17842
+ "tactic": "Resource Development"
17843
+ },
17844
+ {
17845
+ "id": "AML.T0017",
17846
+ "name": "Discover ML Model Ontology",
17847
+ "tactic": "Discovery"
17848
+ },
17849
+ {
17850
+ "id": "AML.T0018",
17851
+ "name": "Backdoor ML Model",
17852
+ "tactic": "Persistence"
17853
+ },
17854
+ {
17855
+ "id": "AML.T0020",
17856
+ "name": "Poison Training Data",
17857
+ "tactic": "ML Attack Staging"
17858
+ },
17859
+ {
17860
+ "id": "AML.T0043",
17861
+ "name": "Craft Adversarial Data",
17862
+ "tactic": "ML Attack Staging"
17863
+ },
17864
+ {
17865
+ "id": "AML.T0051",
17866
+ "name": "LLM Prompt Injection",
17867
+ "tactic": "Execution"
17868
+ },
17869
+ {
17870
+ "id": "AML.T0054",
17871
+ "name": "LLM Jailbreak",
17872
+ "tactic": "Defense Evasion"
17873
+ },
17874
+ {
17875
+ "id": "AML.T0096",
17876
+ "name": "AI API as Covert C2 Channel",
17877
+ "tactic": "Command and Control"
17878
+ }
17879
+ ],
17880
+ "d3fend": [
17881
+ {
17882
+ "id": "D3-ASLR",
17883
+ "name": "Address Space Layout Randomization",
17884
+ "tactic": "Harden"
17885
+ },
17886
+ {
17887
+ "id": "D3-CSPP",
17888
+ "name": "Client-server Payload Profiling",
17889
+ "tactic": "Detect"
17890
+ },
17891
+ {
17892
+ "id": "D3-EAL",
17893
+ "name": "Executable Allowlisting",
17894
+ "tactic": "Harden"
17895
+ },
17896
+ {
17897
+ "id": "D3-IOPR",
17898
+ "name": "Input/Output Profiling Resource",
17899
+ "tactic": "Detect"
17900
+ },
17901
+ {
17902
+ "id": "D3-NTA",
17903
+ "name": "Network Traffic Analysis",
17904
+ "tactic": "Detect"
17905
+ },
17906
+ {
17907
+ "id": "D3-PHRA",
17908
+ "name": "Process Hardware Resource Access",
17909
+ "tactic": "Isolate"
17910
+ },
17911
+ {
17912
+ "id": "D3-PSEP",
17913
+ "name": "Process Segment Execution Prevention",
17914
+ "tactic": "Harden"
17915
+ }
17916
+ ],
17917
+ "framework_gaps": [
17918
+ {
17919
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
17920
+ "framework": "ALL",
17921
+ "control_name": "AI Pipeline Integrity"
17922
+ },
17923
+ {
17924
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
17925
+ "framework": "ALL",
17926
+ "control_name": "Prompt Injection as Access Control Failure"
17927
+ },
17928
+ {
17929
+ "id": "CIS-Controls-v8-Control7",
17930
+ "framework": "CIS Controls v8",
17931
+ "control_name": "Continuous Vulnerability Management"
17932
+ },
17933
+ {
17934
+ "id": "CMMC-2.0-Level-2",
17935
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
17936
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
17937
+ },
17938
+ {
17939
+ "id": "FedRAMP-Rev5-Moderate",
17940
+ "framework": "FedRAMP Rev 5 Moderate",
17941
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
17942
+ },
17943
+ {
17944
+ "id": "IEC-62443-3-3",
17945
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
17946
+ "control_name": "System security requirements and security levels"
17947
+ },
17948
+ {
17949
+ "id": "ISO-27001-2022-A.8.28",
17950
+ "framework": "ISO/IEC 27001:2022",
17951
+ "control_name": "Secure coding"
17952
+ },
17953
+ {
17954
+ "id": "ISO-27001-2022-A.8.8",
17955
+ "framework": "ISO/IEC 27001:2022",
17956
+ "control_name": "Management of technical vulnerabilities"
17957
+ },
17958
+ {
17959
+ "id": "ISO-IEC-23894-2023-clause-7",
17960
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
17961
+ "control_name": "AI risk management process"
17962
+ },
17963
+ {
17964
+ "id": "NERC-CIP-007-6-R4",
17965
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
17966
+ "control_name": "Security event monitoring"
17967
+ },
17968
+ {
17969
+ "id": "NIS2-Art21-patch-management",
17970
+ "framework": "EU NIS2 Directive",
17971
+ "control_name": "Vulnerability handling and disclosure"
17972
+ },
17973
+ {
17974
+ "id": "NIST-800-115",
17975
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
17976
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
17977
+ },
17978
+ {
17979
+ "id": "NIST-800-218-SSDF",
17980
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
17981
+ "control_name": "Secure Software Development Framework"
17982
+ },
17983
+ {
17984
+ "id": "NIST-800-53-AC-2",
17985
+ "framework": "NIST SP 800-53 Rev 5",
17986
+ "control_name": "Account Management"
17987
+ },
17988
+ {
17989
+ "id": "NIST-800-53-SC-8",
17990
+ "framework": "NIST SP 800-53 Rev 5",
17991
+ "control_name": "Transmission Confidentiality and Integrity"
17992
+ },
17993
+ {
17994
+ "id": "NIST-800-53-SI-2",
17995
+ "framework": "NIST SP 800-53 Rev 5",
17996
+ "control_name": "Flaw Remediation"
17997
+ },
17998
+ {
17999
+ "id": "NIST-800-53-SI-3",
18000
+ "framework": "NIST SP 800-53 Rev 5",
18001
+ "control_name": "Malicious Code Protection"
18002
+ },
18003
+ {
18004
+ "id": "NIST-800-82r3",
18005
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
18006
+ "control_name": "Guide to Operational Technology (OT) Security"
18007
+ },
18008
+ {
18009
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
18010
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18011
+ "control_name": "Prompt Injection"
18012
+ },
18013
+ {
18014
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
18015
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18016
+ "control_name": "Sensitive Information Disclosure"
18017
+ },
18018
+ {
18019
+ "id": "OWASP-Pen-Testing-Guide-v5",
18020
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
18021
+ "control_name": "Web application penetration testing methodology"
18022
+ },
18023
+ {
18024
+ "id": "PCI-DSS-4.0-6.3.3",
18025
+ "framework": "PCI DSS 4.0",
18026
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
18027
+ },
18028
+ {
18029
+ "id": "PTES-Pre-engagement",
18030
+ "framework": "Penetration Testing Execution Standard (PTES)",
18031
+ "control_name": "Pre-engagement Interactions"
18032
+ },
18033
+ {
18034
+ "id": "SOC2-CC6-logical-access",
18035
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18036
+ "control_name": "Logical and Physical Access Controls"
18037
+ },
18038
+ {
18039
+ "id": "SOC2-CC9-vendor-management",
18040
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18041
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
18042
+ }
18043
+ ],
18044
+ "attack_refs": [
18045
+ "T0855",
18046
+ "T0883",
18047
+ "T1059",
18048
+ "T1068",
18049
+ "T1078",
18050
+ "T1133",
18051
+ "T1190",
18052
+ "T1548.001",
18053
+ "T1566"
18054
+ ],
18055
+ "rfc_refs": [
18056
+ "RFC-4301",
18057
+ "RFC-4303",
18058
+ "RFC-7296"
18059
+ ]
18060
+ }
18061
+ },
18062
+ "CVE-2026-40933": {
18063
+ "name": "FlowiseAI Flowise MCP Custom Config Command Injection",
18064
+ "rwep": 30,
18065
+ "cvss": 9.9,
18066
+ "cisa_kev": false,
18067
+ "epss_score": null,
18068
+ "referencing_skills": [
18069
+ "kernel-lpe-triage",
18070
+ "ai-attack-surface",
18071
+ "compliance-theater",
18072
+ "attack-surface-pentest",
18073
+ "ot-ics-security",
18074
+ "coordinated-vuln-disclosure",
18075
+ "sector-energy"
18076
+ ],
18077
+ "chain": {
18078
+ "cwes": [
18079
+ {
18080
+ "id": "CWE-1037",
18081
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
18082
+ "category": "Hardware / Side Channel"
18083
+ },
18084
+ {
18085
+ "id": "CWE-1039",
18086
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
18087
+ "category": "AI/ML"
18088
+ },
18089
+ {
18090
+ "id": "CWE-125",
18091
+ "name": "Out-of-bounds Read",
18092
+ "category": "Memory Safety"
18093
+ },
18094
+ {
18095
+ "id": "CWE-1357",
18096
+ "name": "Reliance on Insufficiently Trustworthy Component",
18097
+ "category": "Supply Chain"
18098
+ },
18099
+ {
18100
+ "id": "CWE-1395",
18101
+ "name": "Dependency on Vulnerable Third-Party Component",
18102
+ "category": "Supply Chain"
18103
+ },
18104
+ {
18105
+ "id": "CWE-1426",
18106
+ "name": "Improper Validation of Generative AI Output",
18107
+ "category": "AI/ML"
18108
+ },
18109
+ {
18110
+ "id": "CWE-22",
18111
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
18112
+ "category": "Path/Resource"
18113
+ },
18114
+ {
18115
+ "id": "CWE-269",
18116
+ "name": "Improper Privilege Management",
18117
+ "category": "Authorization"
18118
+ },
18119
+ {
18120
+ "id": "CWE-287",
18121
+ "name": "Improper Authentication",
18122
+ "category": "Authentication"
18123
+ },
18124
+ {
18125
+ "id": "CWE-306",
18126
+ "name": "Missing Authentication for Critical Function",
18127
+ "category": "Authentication"
18128
+ },
18129
+ {
18130
+ "id": "CWE-352",
18131
+ "name": "Cross-Site Request Forgery (CSRF)",
18132
+ "category": "Session"
18133
+ },
18134
+ {
18135
+ "id": "CWE-362",
18136
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
18137
+ "category": "Concurrency"
18138
+ },
18139
+ {
18140
+ "id": "CWE-416",
18141
+ "name": "Use After Free",
18142
+ "category": "Memory Safety"
18143
+ },
18144
+ {
18145
+ "id": "CWE-434",
18146
+ "name": "Unrestricted Upload of File with Dangerous Type",
18147
+ "category": "File Handling"
18148
+ },
18149
+ {
18150
+ "id": "CWE-672",
18151
+ "name": "Operation on a Resource after Expiration or Release",
18152
+ "category": "Memory Safety"
18153
+ },
18154
+ {
18155
+ "id": "CWE-732",
18156
+ "name": "Incorrect Permission Assignment for Critical Resource",
18157
+ "category": "Authorization"
18158
+ },
18159
+ {
18160
+ "id": "CWE-78",
18161
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
18162
+ "category": "Injection"
18163
+ },
18164
+ {
18165
+ "id": "CWE-787",
18166
+ "name": "Out-of-bounds Write",
18167
+ "category": "Memory Safety"
18168
+ },
18169
+ {
18170
+ "id": "CWE-79",
18171
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
18172
+ "category": "Injection"
18173
+ },
18174
+ {
18175
+ "id": "CWE-798",
18176
+ "name": "Use of Hard-coded Credentials",
18177
+ "category": "Credentials"
18178
+ },
18179
+ {
18180
+ "id": "CWE-89",
18181
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
18182
+ "category": "Injection"
18183
+ },
18184
+ {
18185
+ "id": "CWE-918",
18186
+ "name": "Server-Side Request Forgery (SSRF)",
18187
+ "category": "Network"
18188
+ },
18189
+ {
18190
+ "id": "CWE-94",
18191
+ "name": "Improper Control of Generation of Code (Code Injection)",
18192
+ "category": "Injection"
18193
+ }
18194
+ ],
18195
+ "atlas": [
18196
+ {
18197
+ "id": "AML.T0010",
18198
+ "name": "ML Supply Chain Compromise",
18199
+ "tactic": "Initial Access"
18200
+ },
18201
+ {
18202
+ "id": "AML.T0016",
18203
+ "name": "Obtain Capabilities: Develop Capabilities",
18204
+ "tactic": "Resource Development"
18205
+ },
18206
+ {
18207
+ "id": "AML.T0017",
18208
+ "name": "Discover ML Model Ontology",
18209
+ "tactic": "Discovery"
18210
+ },
18211
+ {
18212
+ "id": "AML.T0018",
18213
+ "name": "Backdoor ML Model",
18214
+ "tactic": "Persistence"
18215
+ },
18216
+ {
18217
+ "id": "AML.T0020",
18218
+ "name": "Poison Training Data",
18219
+ "tactic": "ML Attack Staging"
18220
+ },
18221
+ {
18222
+ "id": "AML.T0043",
18223
+ "name": "Craft Adversarial Data",
18224
+ "tactic": "ML Attack Staging"
18225
+ },
18226
+ {
18227
+ "id": "AML.T0051",
18228
+ "name": "LLM Prompt Injection",
18229
+ "tactic": "Execution"
18230
+ },
18231
+ {
18232
+ "id": "AML.T0054",
18233
+ "name": "LLM Jailbreak",
18234
+ "tactic": "Defense Evasion"
18235
+ },
18236
+ {
18237
+ "id": "AML.T0096",
18238
+ "name": "AI API as Covert C2 Channel",
18239
+ "tactic": "Command and Control"
18240
+ }
18241
+ ],
18242
+ "d3fend": [
18243
+ {
18244
+ "id": "D3-ASLR",
18245
+ "name": "Address Space Layout Randomization",
18246
+ "tactic": "Harden"
18247
+ },
18248
+ {
18249
+ "id": "D3-CSPP",
18250
+ "name": "Client-server Payload Profiling",
18251
+ "tactic": "Detect"
18252
+ },
18253
+ {
18254
+ "id": "D3-EAL",
18255
+ "name": "Executable Allowlisting",
18256
+ "tactic": "Harden"
18257
+ },
18258
+ {
18259
+ "id": "D3-IOPR",
18260
+ "name": "Input/Output Profiling Resource",
18261
+ "tactic": "Detect"
18262
+ },
18263
+ {
18264
+ "id": "D3-NTA",
18265
+ "name": "Network Traffic Analysis",
18266
+ "tactic": "Detect"
18267
+ },
18268
+ {
18269
+ "id": "D3-PHRA",
18270
+ "name": "Process Hardware Resource Access",
18271
+ "tactic": "Isolate"
18272
+ },
18273
+ {
18274
+ "id": "D3-PSEP",
18275
+ "name": "Process Segment Execution Prevention",
18276
+ "tactic": "Harden"
18277
+ }
18278
+ ],
18279
+ "framework_gaps": [
18280
+ {
18281
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
18282
+ "framework": "ALL",
18283
+ "control_name": "AI Pipeline Integrity"
18284
+ },
18285
+ {
18286
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
18287
+ "framework": "ALL",
18288
+ "control_name": "Prompt Injection as Access Control Failure"
18289
+ },
18290
+ {
18291
+ "id": "CIS-Controls-v8-Control7",
18292
+ "framework": "CIS Controls v8",
18293
+ "control_name": "Continuous Vulnerability Management"
18294
+ },
18295
+ {
18296
+ "id": "CMMC-2.0-Level-2",
18297
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
18298
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
18299
+ },
18300
+ {
18301
+ "id": "FedRAMP-Rev5-Moderate",
18302
+ "framework": "FedRAMP Rev 5 Moderate",
18303
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
18304
+ },
18305
+ {
18306
+ "id": "IEC-62443-3-3",
18307
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
18308
+ "control_name": "System security requirements and security levels"
18309
+ },
18310
+ {
18311
+ "id": "ISO-27001-2022-A.8.28",
18312
+ "framework": "ISO/IEC 27001:2022",
18313
+ "control_name": "Secure coding"
18314
+ },
18315
+ {
18316
+ "id": "ISO-27001-2022-A.8.8",
18317
+ "framework": "ISO/IEC 27001:2022",
18318
+ "control_name": "Management of technical vulnerabilities"
18319
+ },
18320
+ {
18321
+ "id": "ISO-IEC-23894-2023-clause-7",
18322
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
18323
+ "control_name": "AI risk management process"
18324
+ },
18325
+ {
18326
+ "id": "NERC-CIP-007-6-R4",
18327
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
18328
+ "control_name": "Security event monitoring"
18329
+ },
18330
+ {
18331
+ "id": "NIS2-Art21-patch-management",
18332
+ "framework": "EU NIS2 Directive",
18333
+ "control_name": "Vulnerability handling and disclosure"
18334
+ },
18335
+ {
18336
+ "id": "NIST-800-115",
18337
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
18338
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
18339
+ },
18340
+ {
18341
+ "id": "NIST-800-218-SSDF",
18342
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
18343
+ "control_name": "Secure Software Development Framework"
18344
+ },
18345
+ {
18346
+ "id": "NIST-800-53-AC-2",
18347
+ "framework": "NIST SP 800-53 Rev 5",
18348
+ "control_name": "Account Management"
18349
+ },
18350
+ {
18351
+ "id": "NIST-800-53-SC-8",
18352
+ "framework": "NIST SP 800-53 Rev 5",
18353
+ "control_name": "Transmission Confidentiality and Integrity"
18354
+ },
18355
+ {
18356
+ "id": "NIST-800-53-SI-2",
18357
+ "framework": "NIST SP 800-53 Rev 5",
18358
+ "control_name": "Flaw Remediation"
18359
+ },
18360
+ {
18361
+ "id": "NIST-800-53-SI-3",
18362
+ "framework": "NIST SP 800-53 Rev 5",
18363
+ "control_name": "Malicious Code Protection"
18364
+ },
18365
+ {
18366
+ "id": "NIST-800-82r3",
18367
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
18368
+ "control_name": "Guide to Operational Technology (OT) Security"
18369
+ },
18370
+ {
18371
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
18372
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18373
+ "control_name": "Prompt Injection"
18374
+ },
18375
+ {
18376
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
18377
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18378
+ "control_name": "Sensitive Information Disclosure"
18379
+ },
18380
+ {
18381
+ "id": "OWASP-Pen-Testing-Guide-v5",
18382
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
18383
+ "control_name": "Web application penetration testing methodology"
18384
+ },
18385
+ {
18386
+ "id": "PCI-DSS-4.0-6.3.3",
18387
+ "framework": "PCI DSS 4.0",
18388
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
18389
+ },
18390
+ {
18391
+ "id": "PTES-Pre-engagement",
18392
+ "framework": "Penetration Testing Execution Standard (PTES)",
18393
+ "control_name": "Pre-engagement Interactions"
18394
+ },
18395
+ {
18396
+ "id": "SOC2-CC6-logical-access",
18397
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18398
+ "control_name": "Logical and Physical Access Controls"
18399
+ },
18400
+ {
18401
+ "id": "SOC2-CC9-vendor-management",
18402
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18403
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
18404
+ }
18405
+ ],
18406
+ "attack_refs": [
18407
+ "T0855",
18408
+ "T0883",
18409
+ "T1059",
18410
+ "T1068",
18411
+ "T1078",
18412
+ "T1133",
18413
+ "T1190",
18414
+ "T1548.001",
18415
+ "T1566"
18416
+ ],
18417
+ "rfc_refs": [
18418
+ "RFC-4301",
18419
+ "RFC-4303",
18420
+ "RFC-7296"
18421
+ ]
18422
+ }
18423
+ },
18424
+ "CVE-2026-30624": {
18425
+ "name": "Agent Zero MCP Server Config Command Injection",
18426
+ "rwep": 40,
18427
+ "cvss": 8.6,
18428
+ "cisa_kev": false,
18429
+ "epss_score": null,
18430
+ "referencing_skills": [
18431
+ "kernel-lpe-triage",
18432
+ "ai-attack-surface",
18433
+ "compliance-theater",
18434
+ "attack-surface-pentest",
18435
+ "ot-ics-security",
18436
+ "coordinated-vuln-disclosure",
18437
+ "sector-energy"
18438
+ ],
18439
+ "chain": {
18440
+ "cwes": [
18441
+ {
18442
+ "id": "CWE-1037",
18443
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
18444
+ "category": "Hardware / Side Channel"
18445
+ },
18446
+ {
18447
+ "id": "CWE-1039",
18448
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
18449
+ "category": "AI/ML"
18450
+ },
18451
+ {
18452
+ "id": "CWE-125",
18453
+ "name": "Out-of-bounds Read",
18454
+ "category": "Memory Safety"
18455
+ },
18456
+ {
18457
+ "id": "CWE-1357",
18458
+ "name": "Reliance on Insufficiently Trustworthy Component",
18459
+ "category": "Supply Chain"
18460
+ },
18461
+ {
18462
+ "id": "CWE-1395",
18463
+ "name": "Dependency on Vulnerable Third-Party Component",
18464
+ "category": "Supply Chain"
18465
+ },
18466
+ {
18467
+ "id": "CWE-1426",
18468
+ "name": "Improper Validation of Generative AI Output",
18469
+ "category": "AI/ML"
18470
+ },
18471
+ {
18472
+ "id": "CWE-22",
18473
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
18474
+ "category": "Path/Resource"
18475
+ },
18476
+ {
18477
+ "id": "CWE-269",
18478
+ "name": "Improper Privilege Management",
18479
+ "category": "Authorization"
18480
+ },
18481
+ {
18482
+ "id": "CWE-287",
18483
+ "name": "Improper Authentication",
18484
+ "category": "Authentication"
18485
+ },
18486
+ {
18487
+ "id": "CWE-306",
18488
+ "name": "Missing Authentication for Critical Function",
18489
+ "category": "Authentication"
18490
+ },
18491
+ {
18492
+ "id": "CWE-352",
18493
+ "name": "Cross-Site Request Forgery (CSRF)",
18494
+ "category": "Session"
18495
+ },
18496
+ {
18497
+ "id": "CWE-362",
18498
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
18499
+ "category": "Concurrency"
18500
+ },
18501
+ {
18502
+ "id": "CWE-416",
18503
+ "name": "Use After Free",
18504
+ "category": "Memory Safety"
18505
+ },
18506
+ {
18507
+ "id": "CWE-434",
18508
+ "name": "Unrestricted Upload of File with Dangerous Type",
18509
+ "category": "File Handling"
18510
+ },
18511
+ {
18512
+ "id": "CWE-672",
18513
+ "name": "Operation on a Resource after Expiration or Release",
18514
+ "category": "Memory Safety"
18515
+ },
18516
+ {
18517
+ "id": "CWE-732",
18518
+ "name": "Incorrect Permission Assignment for Critical Resource",
18519
+ "category": "Authorization"
18520
+ },
18521
+ {
18522
+ "id": "CWE-78",
18523
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
18524
+ "category": "Injection"
18525
+ },
18526
+ {
18527
+ "id": "CWE-787",
18528
+ "name": "Out-of-bounds Write",
18529
+ "category": "Memory Safety"
18530
+ },
18531
+ {
18532
+ "id": "CWE-79",
18533
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
18534
+ "category": "Injection"
18535
+ },
18536
+ {
18537
+ "id": "CWE-798",
18538
+ "name": "Use of Hard-coded Credentials",
18539
+ "category": "Credentials"
18540
+ },
18541
+ {
18542
+ "id": "CWE-89",
18543
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
18544
+ "category": "Injection"
18545
+ },
18546
+ {
18547
+ "id": "CWE-918",
18548
+ "name": "Server-Side Request Forgery (SSRF)",
18549
+ "category": "Network"
18550
+ },
18551
+ {
18552
+ "id": "CWE-94",
18553
+ "name": "Improper Control of Generation of Code (Code Injection)",
18554
+ "category": "Injection"
18555
+ }
18556
+ ],
18557
+ "atlas": [
18558
+ {
18559
+ "id": "AML.T0010",
18560
+ "name": "ML Supply Chain Compromise",
18561
+ "tactic": "Initial Access"
18562
+ },
18563
+ {
18564
+ "id": "AML.T0016",
18565
+ "name": "Obtain Capabilities: Develop Capabilities",
18566
+ "tactic": "Resource Development"
18567
+ },
18568
+ {
18569
+ "id": "AML.T0017",
18570
+ "name": "Discover ML Model Ontology",
18571
+ "tactic": "Discovery"
18572
+ },
18573
+ {
18574
+ "id": "AML.T0018",
18575
+ "name": "Backdoor ML Model",
18576
+ "tactic": "Persistence"
18577
+ },
18578
+ {
18579
+ "id": "AML.T0020",
18580
+ "name": "Poison Training Data",
18581
+ "tactic": "ML Attack Staging"
18582
+ },
18583
+ {
18584
+ "id": "AML.T0043",
18585
+ "name": "Craft Adversarial Data",
18586
+ "tactic": "ML Attack Staging"
18587
+ },
18588
+ {
18589
+ "id": "AML.T0051",
18590
+ "name": "LLM Prompt Injection",
18591
+ "tactic": "Execution"
18592
+ },
18593
+ {
18594
+ "id": "AML.T0054",
18595
+ "name": "LLM Jailbreak",
18596
+ "tactic": "Defense Evasion"
18597
+ },
18598
+ {
18599
+ "id": "AML.T0096",
18600
+ "name": "AI API as Covert C2 Channel",
18601
+ "tactic": "Command and Control"
18602
+ }
18603
+ ],
18604
+ "d3fend": [
18605
+ {
18606
+ "id": "D3-ASLR",
18607
+ "name": "Address Space Layout Randomization",
18608
+ "tactic": "Harden"
18609
+ },
18610
+ {
18611
+ "id": "D3-CSPP",
18612
+ "name": "Client-server Payload Profiling",
18613
+ "tactic": "Detect"
18614
+ },
18615
+ {
18616
+ "id": "D3-EAL",
18617
+ "name": "Executable Allowlisting",
18618
+ "tactic": "Harden"
18619
+ },
18620
+ {
18621
+ "id": "D3-IOPR",
18622
+ "name": "Input/Output Profiling Resource",
18623
+ "tactic": "Detect"
18624
+ },
18625
+ {
18626
+ "id": "D3-NTA",
18627
+ "name": "Network Traffic Analysis",
18628
+ "tactic": "Detect"
18629
+ },
18630
+ {
18631
+ "id": "D3-PHRA",
18632
+ "name": "Process Hardware Resource Access",
18633
+ "tactic": "Isolate"
18634
+ },
18635
+ {
18636
+ "id": "D3-PSEP",
18637
+ "name": "Process Segment Execution Prevention",
18638
+ "tactic": "Harden"
18639
+ }
18640
+ ],
18641
+ "framework_gaps": [
18642
+ {
18643
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
18644
+ "framework": "ALL",
18645
+ "control_name": "AI Pipeline Integrity"
18646
+ },
18647
+ {
18648
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
18649
+ "framework": "ALL",
18650
+ "control_name": "Prompt Injection as Access Control Failure"
18651
+ },
18652
+ {
18653
+ "id": "CIS-Controls-v8-Control7",
18654
+ "framework": "CIS Controls v8",
18655
+ "control_name": "Continuous Vulnerability Management"
18656
+ },
18657
+ {
18658
+ "id": "CMMC-2.0-Level-2",
18659
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
18660
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
18661
+ },
18662
+ {
18663
+ "id": "FedRAMP-Rev5-Moderate",
18664
+ "framework": "FedRAMP Rev 5 Moderate",
18665
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
18666
+ },
18667
+ {
18668
+ "id": "IEC-62443-3-3",
18669
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
18670
+ "control_name": "System security requirements and security levels"
18671
+ },
18672
+ {
18673
+ "id": "ISO-27001-2022-A.8.28",
18674
+ "framework": "ISO/IEC 27001:2022",
18675
+ "control_name": "Secure coding"
18676
+ },
18677
+ {
18678
+ "id": "ISO-27001-2022-A.8.8",
18679
+ "framework": "ISO/IEC 27001:2022",
18680
+ "control_name": "Management of technical vulnerabilities"
18681
+ },
18682
+ {
18683
+ "id": "ISO-IEC-23894-2023-clause-7",
18684
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
18685
+ "control_name": "AI risk management process"
18686
+ },
18687
+ {
18688
+ "id": "NERC-CIP-007-6-R4",
18689
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
18690
+ "control_name": "Security event monitoring"
18691
+ },
18692
+ {
18693
+ "id": "NIS2-Art21-patch-management",
18694
+ "framework": "EU NIS2 Directive",
18695
+ "control_name": "Vulnerability handling and disclosure"
18696
+ },
18697
+ {
18698
+ "id": "NIST-800-115",
18699
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
18700
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
18701
+ },
18702
+ {
18703
+ "id": "NIST-800-218-SSDF",
18704
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
18705
+ "control_name": "Secure Software Development Framework"
18706
+ },
18707
+ {
18708
+ "id": "NIST-800-53-AC-2",
18709
+ "framework": "NIST SP 800-53 Rev 5",
18710
+ "control_name": "Account Management"
18711
+ },
18712
+ {
18713
+ "id": "NIST-800-53-SC-8",
18714
+ "framework": "NIST SP 800-53 Rev 5",
18715
+ "control_name": "Transmission Confidentiality and Integrity"
18716
+ },
18717
+ {
18718
+ "id": "NIST-800-53-SI-2",
18719
+ "framework": "NIST SP 800-53 Rev 5",
18720
+ "control_name": "Flaw Remediation"
18721
+ },
18722
+ {
18723
+ "id": "NIST-800-53-SI-3",
18724
+ "framework": "NIST SP 800-53 Rev 5",
18725
+ "control_name": "Malicious Code Protection"
18726
+ },
18727
+ {
18728
+ "id": "NIST-800-82r3",
18729
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
18730
+ "control_name": "Guide to Operational Technology (OT) Security"
18731
+ },
18732
+ {
18733
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
18734
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18735
+ "control_name": "Prompt Injection"
18736
+ },
18737
+ {
18738
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
18739
+ "framework": "OWASP Top 10 for LLM Applications 2025",
18740
+ "control_name": "Sensitive Information Disclosure"
18741
+ },
18742
+ {
18743
+ "id": "OWASP-Pen-Testing-Guide-v5",
18744
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
18745
+ "control_name": "Web application penetration testing methodology"
18746
+ },
18747
+ {
18748
+ "id": "PCI-DSS-4.0-6.3.3",
18749
+ "framework": "PCI DSS 4.0",
18750
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
18751
+ },
18752
+ {
18753
+ "id": "PTES-Pre-engagement",
18754
+ "framework": "Penetration Testing Execution Standard (PTES)",
18755
+ "control_name": "Pre-engagement Interactions"
18756
+ },
18757
+ {
18758
+ "id": "SOC2-CC6-logical-access",
18759
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18760
+ "control_name": "Logical and Physical Access Controls"
18761
+ },
18762
+ {
18763
+ "id": "SOC2-CC9-vendor-management",
18764
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
18765
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
18766
+ }
18767
+ ],
18768
+ "attack_refs": [
18769
+ "T0855",
18770
+ "T0883",
18771
+ "T1059",
18772
+ "T1068",
18773
+ "T1078",
18774
+ "T1133",
18775
+ "T1190",
18776
+ "T1548.001",
18777
+ "T1566"
18778
+ ],
18779
+ "rfc_refs": [
18780
+ "RFC-4301",
18781
+ "RFC-4303",
18782
+ "RFC-7296"
18783
+ ]
18784
+ }
18785
+ },
18786
+ "CVE-2026-30616": {
18787
+ "name": "Jaaz MCP stdio Command Execution RCE",
18788
+ "rwep": 35,
18789
+ "cvss": 7.3,
18790
+ "cisa_kev": false,
18791
+ "epss_score": null,
18792
+ "referencing_skills": [
18793
+ "kernel-lpe-triage",
18794
+ "ai-attack-surface",
18795
+ "compliance-theater",
18796
+ "attack-surface-pentest",
18797
+ "ot-ics-security",
18798
+ "coordinated-vuln-disclosure",
18799
+ "sector-energy"
18800
+ ],
18801
+ "chain": {
18802
+ "cwes": [
18803
+ {
18804
+ "id": "CWE-1037",
18805
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
18806
+ "category": "Hardware / Side Channel"
18807
+ },
18808
+ {
18809
+ "id": "CWE-1039",
18810
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
18811
+ "category": "AI/ML"
18812
+ },
18813
+ {
18814
+ "id": "CWE-125",
18815
+ "name": "Out-of-bounds Read",
18816
+ "category": "Memory Safety"
18817
+ },
18818
+ {
18819
+ "id": "CWE-1357",
18820
+ "name": "Reliance on Insufficiently Trustworthy Component",
18821
+ "category": "Supply Chain"
18822
+ },
18823
+ {
18824
+ "id": "CWE-1395",
18825
+ "name": "Dependency on Vulnerable Third-Party Component",
18826
+ "category": "Supply Chain"
18827
+ },
18828
+ {
18829
+ "id": "CWE-1426",
18830
+ "name": "Improper Validation of Generative AI Output",
18831
+ "category": "AI/ML"
18832
+ },
18833
+ {
18834
+ "id": "CWE-22",
18835
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
18836
+ "category": "Path/Resource"
18837
+ },
18838
+ {
18839
+ "id": "CWE-269",
18840
+ "name": "Improper Privilege Management",
18841
+ "category": "Authorization"
18842
+ },
18843
+ {
18844
+ "id": "CWE-287",
18845
+ "name": "Improper Authentication",
18846
+ "category": "Authentication"
18847
+ },
18848
+ {
18849
+ "id": "CWE-306",
18850
+ "name": "Missing Authentication for Critical Function",
18851
+ "category": "Authentication"
18852
+ },
18853
+ {
18854
+ "id": "CWE-352",
18855
+ "name": "Cross-Site Request Forgery (CSRF)",
18856
+ "category": "Session"
18857
+ },
18858
+ {
18859
+ "id": "CWE-362",
18860
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
18861
+ "category": "Concurrency"
18862
+ },
18863
+ {
18864
+ "id": "CWE-416",
18865
+ "name": "Use After Free",
18866
+ "category": "Memory Safety"
18867
+ },
18868
+ {
18869
+ "id": "CWE-434",
18870
+ "name": "Unrestricted Upload of File with Dangerous Type",
18871
+ "category": "File Handling"
18872
+ },
18873
+ {
18874
+ "id": "CWE-672",
18875
+ "name": "Operation on a Resource after Expiration or Release",
18876
+ "category": "Memory Safety"
18877
+ },
18878
+ {
18879
+ "id": "CWE-732",
18880
+ "name": "Incorrect Permission Assignment for Critical Resource",
18881
+ "category": "Authorization"
18882
+ },
18883
+ {
18884
+ "id": "CWE-78",
18885
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
18886
+ "category": "Injection"
18887
+ },
18888
+ {
18889
+ "id": "CWE-787",
18890
+ "name": "Out-of-bounds Write",
18891
+ "category": "Memory Safety"
18892
+ },
18893
+ {
18894
+ "id": "CWE-79",
18895
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
18896
+ "category": "Injection"
18897
+ },
18898
+ {
18899
+ "id": "CWE-798",
18900
+ "name": "Use of Hard-coded Credentials",
18901
+ "category": "Credentials"
18902
+ },
18903
+ {
18904
+ "id": "CWE-89",
18905
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
18906
+ "category": "Injection"
18907
+ },
18908
+ {
18909
+ "id": "CWE-918",
18910
+ "name": "Server-Side Request Forgery (SSRF)",
18911
+ "category": "Network"
18912
+ },
18913
+ {
18914
+ "id": "CWE-94",
18915
+ "name": "Improper Control of Generation of Code (Code Injection)",
18916
+ "category": "Injection"
18917
+ }
18918
+ ],
18919
+ "atlas": [
18920
+ {
18921
+ "id": "AML.T0010",
18922
+ "name": "ML Supply Chain Compromise",
18923
+ "tactic": "Initial Access"
18924
+ },
18925
+ {
18926
+ "id": "AML.T0016",
18927
+ "name": "Obtain Capabilities: Develop Capabilities",
18928
+ "tactic": "Resource Development"
18929
+ },
18930
+ {
18931
+ "id": "AML.T0017",
18932
+ "name": "Discover ML Model Ontology",
18933
+ "tactic": "Discovery"
18934
+ },
18935
+ {
18936
+ "id": "AML.T0018",
18937
+ "name": "Backdoor ML Model",
18938
+ "tactic": "Persistence"
18939
+ },
18940
+ {
18941
+ "id": "AML.T0020",
18942
+ "name": "Poison Training Data",
18943
+ "tactic": "ML Attack Staging"
18944
+ },
18945
+ {
18946
+ "id": "AML.T0043",
18947
+ "name": "Craft Adversarial Data",
18948
+ "tactic": "ML Attack Staging"
18949
+ },
18950
+ {
18951
+ "id": "AML.T0051",
18952
+ "name": "LLM Prompt Injection",
18953
+ "tactic": "Execution"
18954
+ },
18955
+ {
18956
+ "id": "AML.T0054",
18957
+ "name": "LLM Jailbreak",
18958
+ "tactic": "Defense Evasion"
18959
+ },
18960
+ {
18961
+ "id": "AML.T0096",
18962
+ "name": "AI API as Covert C2 Channel",
18963
+ "tactic": "Command and Control"
18964
+ }
18965
+ ],
18966
+ "d3fend": [
18967
+ {
18968
+ "id": "D3-ASLR",
18969
+ "name": "Address Space Layout Randomization",
18970
+ "tactic": "Harden"
18971
+ },
18972
+ {
18973
+ "id": "D3-CSPP",
18974
+ "name": "Client-server Payload Profiling",
18975
+ "tactic": "Detect"
18976
+ },
18977
+ {
18978
+ "id": "D3-EAL",
18979
+ "name": "Executable Allowlisting",
18980
+ "tactic": "Harden"
18981
+ },
18982
+ {
18983
+ "id": "D3-IOPR",
18984
+ "name": "Input/Output Profiling Resource",
18985
+ "tactic": "Detect"
18986
+ },
18987
+ {
18988
+ "id": "D3-NTA",
18989
+ "name": "Network Traffic Analysis",
18990
+ "tactic": "Detect"
18991
+ },
18992
+ {
18993
+ "id": "D3-PHRA",
18994
+ "name": "Process Hardware Resource Access",
18995
+ "tactic": "Isolate"
18996
+ },
18997
+ {
18998
+ "id": "D3-PSEP",
18999
+ "name": "Process Segment Execution Prevention",
19000
+ "tactic": "Harden"
19001
+ }
19002
+ ],
19003
+ "framework_gaps": [
19004
+ {
19005
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
19006
+ "framework": "ALL",
19007
+ "control_name": "AI Pipeline Integrity"
19008
+ },
19009
+ {
19010
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
19011
+ "framework": "ALL",
19012
+ "control_name": "Prompt Injection as Access Control Failure"
19013
+ },
19014
+ {
19015
+ "id": "CIS-Controls-v8-Control7",
19016
+ "framework": "CIS Controls v8",
19017
+ "control_name": "Continuous Vulnerability Management"
19018
+ },
19019
+ {
19020
+ "id": "CMMC-2.0-Level-2",
19021
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
19022
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
19023
+ },
19024
+ {
19025
+ "id": "FedRAMP-Rev5-Moderate",
19026
+ "framework": "FedRAMP Rev 5 Moderate",
19027
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
19028
+ },
19029
+ {
19030
+ "id": "IEC-62443-3-3",
19031
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
19032
+ "control_name": "System security requirements and security levels"
19033
+ },
19034
+ {
19035
+ "id": "ISO-27001-2022-A.8.28",
19036
+ "framework": "ISO/IEC 27001:2022",
19037
+ "control_name": "Secure coding"
19038
+ },
19039
+ {
19040
+ "id": "ISO-27001-2022-A.8.8",
19041
+ "framework": "ISO/IEC 27001:2022",
19042
+ "control_name": "Management of technical vulnerabilities"
19043
+ },
19044
+ {
19045
+ "id": "ISO-IEC-23894-2023-clause-7",
19046
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
19047
+ "control_name": "AI risk management process"
19048
+ },
19049
+ {
19050
+ "id": "NERC-CIP-007-6-R4",
19051
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
19052
+ "control_name": "Security event monitoring"
19053
+ },
19054
+ {
19055
+ "id": "NIS2-Art21-patch-management",
19056
+ "framework": "EU NIS2 Directive",
19057
+ "control_name": "Vulnerability handling and disclosure"
19058
+ },
19059
+ {
19060
+ "id": "NIST-800-115",
19061
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
19062
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
19063
+ },
19064
+ {
19065
+ "id": "NIST-800-218-SSDF",
19066
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
19067
+ "control_name": "Secure Software Development Framework"
19068
+ },
19069
+ {
19070
+ "id": "NIST-800-53-AC-2",
19071
+ "framework": "NIST SP 800-53 Rev 5",
19072
+ "control_name": "Account Management"
19073
+ },
19074
+ {
19075
+ "id": "NIST-800-53-SC-8",
19076
+ "framework": "NIST SP 800-53 Rev 5",
19077
+ "control_name": "Transmission Confidentiality and Integrity"
19078
+ },
19079
+ {
19080
+ "id": "NIST-800-53-SI-2",
19081
+ "framework": "NIST SP 800-53 Rev 5",
19082
+ "control_name": "Flaw Remediation"
19083
+ },
19084
+ {
19085
+ "id": "NIST-800-53-SI-3",
19086
+ "framework": "NIST SP 800-53 Rev 5",
19087
+ "control_name": "Malicious Code Protection"
19088
+ },
19089
+ {
19090
+ "id": "NIST-800-82r3",
19091
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
19092
+ "control_name": "Guide to Operational Technology (OT) Security"
19093
+ },
19094
+ {
19095
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
19096
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19097
+ "control_name": "Prompt Injection"
19098
+ },
19099
+ {
19100
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
19101
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19102
+ "control_name": "Sensitive Information Disclosure"
19103
+ },
19104
+ {
19105
+ "id": "OWASP-Pen-Testing-Guide-v5",
19106
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
19107
+ "control_name": "Web application penetration testing methodology"
19108
+ },
19109
+ {
19110
+ "id": "PCI-DSS-4.0-6.3.3",
19111
+ "framework": "PCI DSS 4.0",
19112
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
19113
+ },
19114
+ {
19115
+ "id": "PTES-Pre-engagement",
19116
+ "framework": "Penetration Testing Execution Standard (PTES)",
19117
+ "control_name": "Pre-engagement Interactions"
19118
+ },
19119
+ {
19120
+ "id": "SOC2-CC6-logical-access",
19121
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19122
+ "control_name": "Logical and Physical Access Controls"
19123
+ },
19124
+ {
19125
+ "id": "SOC2-CC9-vendor-management",
19126
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19127
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
19128
+ }
19129
+ ],
19130
+ "attack_refs": [
19131
+ "T0855",
19132
+ "T0883",
19133
+ "T1059",
19134
+ "T1068",
19135
+ "T1078",
19136
+ "T1133",
19137
+ "T1190",
19138
+ "T1548.001",
19139
+ "T1566"
19140
+ ],
19141
+ "rfc_refs": [
19142
+ "RFC-4301",
19143
+ "RFC-4303",
19144
+ "RFC-7296"
19145
+ ]
19146
+ }
19147
+ },
19148
+ "CVE-2026-30617": {
19149
+ "name": "Langchain-Chatchat MCP Management Interface stdio RCE",
19150
+ "rwep": 42,
19151
+ "cvss": 8.6,
19152
+ "cisa_kev": false,
19153
+ "epss_score": null,
19154
+ "referencing_skills": [
19155
+ "kernel-lpe-triage",
19156
+ "ai-attack-surface",
19157
+ "compliance-theater",
19158
+ "attack-surface-pentest",
19159
+ "ot-ics-security",
19160
+ "coordinated-vuln-disclosure",
19161
+ "sector-energy"
19162
+ ],
19163
+ "chain": {
19164
+ "cwes": [
19165
+ {
19166
+ "id": "CWE-1037",
19167
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
19168
+ "category": "Hardware / Side Channel"
19169
+ },
19170
+ {
19171
+ "id": "CWE-1039",
19172
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
19173
+ "category": "AI/ML"
19174
+ },
19175
+ {
19176
+ "id": "CWE-125",
19177
+ "name": "Out-of-bounds Read",
19178
+ "category": "Memory Safety"
19179
+ },
19180
+ {
19181
+ "id": "CWE-1357",
19182
+ "name": "Reliance on Insufficiently Trustworthy Component",
19183
+ "category": "Supply Chain"
19184
+ },
19185
+ {
19186
+ "id": "CWE-1395",
19187
+ "name": "Dependency on Vulnerable Third-Party Component",
19188
+ "category": "Supply Chain"
19189
+ },
19190
+ {
19191
+ "id": "CWE-1426",
19192
+ "name": "Improper Validation of Generative AI Output",
19193
+ "category": "AI/ML"
19194
+ },
19195
+ {
19196
+ "id": "CWE-22",
19197
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
19198
+ "category": "Path/Resource"
19199
+ },
19200
+ {
19201
+ "id": "CWE-269",
19202
+ "name": "Improper Privilege Management",
19203
+ "category": "Authorization"
19204
+ },
19205
+ {
19206
+ "id": "CWE-287",
19207
+ "name": "Improper Authentication",
19208
+ "category": "Authentication"
19209
+ },
19210
+ {
19211
+ "id": "CWE-306",
19212
+ "name": "Missing Authentication for Critical Function",
19213
+ "category": "Authentication"
19214
+ },
19215
+ {
19216
+ "id": "CWE-352",
19217
+ "name": "Cross-Site Request Forgery (CSRF)",
19218
+ "category": "Session"
19219
+ },
19220
+ {
19221
+ "id": "CWE-362",
19222
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
19223
+ "category": "Concurrency"
19224
+ },
19225
+ {
19226
+ "id": "CWE-416",
19227
+ "name": "Use After Free",
19228
+ "category": "Memory Safety"
19229
+ },
19230
+ {
19231
+ "id": "CWE-434",
19232
+ "name": "Unrestricted Upload of File with Dangerous Type",
19233
+ "category": "File Handling"
19234
+ },
19235
+ {
19236
+ "id": "CWE-672",
19237
+ "name": "Operation on a Resource after Expiration or Release",
19238
+ "category": "Memory Safety"
19239
+ },
19240
+ {
19241
+ "id": "CWE-732",
19242
+ "name": "Incorrect Permission Assignment for Critical Resource",
19243
+ "category": "Authorization"
19244
+ },
19245
+ {
19246
+ "id": "CWE-78",
19247
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
19248
+ "category": "Injection"
19249
+ },
19250
+ {
19251
+ "id": "CWE-787",
19252
+ "name": "Out-of-bounds Write",
19253
+ "category": "Memory Safety"
19254
+ },
19255
+ {
19256
+ "id": "CWE-79",
19257
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
19258
+ "category": "Injection"
19259
+ },
19260
+ {
19261
+ "id": "CWE-798",
19262
+ "name": "Use of Hard-coded Credentials",
19263
+ "category": "Credentials"
19264
+ },
19265
+ {
19266
+ "id": "CWE-89",
19267
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
19268
+ "category": "Injection"
19269
+ },
19270
+ {
19271
+ "id": "CWE-918",
19272
+ "name": "Server-Side Request Forgery (SSRF)",
19273
+ "category": "Network"
19274
+ },
19275
+ {
19276
+ "id": "CWE-94",
19277
+ "name": "Improper Control of Generation of Code (Code Injection)",
19278
+ "category": "Injection"
19279
+ }
19280
+ ],
19281
+ "atlas": [
19282
+ {
19283
+ "id": "AML.T0010",
19284
+ "name": "ML Supply Chain Compromise",
19285
+ "tactic": "Initial Access"
19286
+ },
19287
+ {
19288
+ "id": "AML.T0016",
19289
+ "name": "Obtain Capabilities: Develop Capabilities",
19290
+ "tactic": "Resource Development"
19291
+ },
19292
+ {
19293
+ "id": "AML.T0017",
19294
+ "name": "Discover ML Model Ontology",
19295
+ "tactic": "Discovery"
19296
+ },
19297
+ {
19298
+ "id": "AML.T0018",
19299
+ "name": "Backdoor ML Model",
19300
+ "tactic": "Persistence"
19301
+ },
19302
+ {
19303
+ "id": "AML.T0020",
19304
+ "name": "Poison Training Data",
19305
+ "tactic": "ML Attack Staging"
19306
+ },
19307
+ {
19308
+ "id": "AML.T0043",
19309
+ "name": "Craft Adversarial Data",
19310
+ "tactic": "ML Attack Staging"
19311
+ },
19312
+ {
19313
+ "id": "AML.T0051",
19314
+ "name": "LLM Prompt Injection",
19315
+ "tactic": "Execution"
19316
+ },
19317
+ {
19318
+ "id": "AML.T0054",
19319
+ "name": "LLM Jailbreak",
19320
+ "tactic": "Defense Evasion"
19321
+ },
19322
+ {
19323
+ "id": "AML.T0096",
19324
+ "name": "AI API as Covert C2 Channel",
19325
+ "tactic": "Command and Control"
19326
+ }
19327
+ ],
19328
+ "d3fend": [
19329
+ {
19330
+ "id": "D3-ASLR",
19331
+ "name": "Address Space Layout Randomization",
19332
+ "tactic": "Harden"
19333
+ },
19334
+ {
19335
+ "id": "D3-CSPP",
19336
+ "name": "Client-server Payload Profiling",
19337
+ "tactic": "Detect"
19338
+ },
19339
+ {
19340
+ "id": "D3-EAL",
19341
+ "name": "Executable Allowlisting",
19342
+ "tactic": "Harden"
19343
+ },
19344
+ {
19345
+ "id": "D3-IOPR",
19346
+ "name": "Input/Output Profiling Resource",
19347
+ "tactic": "Detect"
19348
+ },
19349
+ {
19350
+ "id": "D3-NTA",
19351
+ "name": "Network Traffic Analysis",
19352
+ "tactic": "Detect"
19353
+ },
19354
+ {
19355
+ "id": "D3-PHRA",
19356
+ "name": "Process Hardware Resource Access",
19357
+ "tactic": "Isolate"
19358
+ },
19359
+ {
19360
+ "id": "D3-PSEP",
19361
+ "name": "Process Segment Execution Prevention",
19362
+ "tactic": "Harden"
19363
+ }
19364
+ ],
19365
+ "framework_gaps": [
19366
+ {
19367
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
19368
+ "framework": "ALL",
19369
+ "control_name": "AI Pipeline Integrity"
19370
+ },
19371
+ {
19372
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
19373
+ "framework": "ALL",
19374
+ "control_name": "Prompt Injection as Access Control Failure"
19375
+ },
19376
+ {
19377
+ "id": "CIS-Controls-v8-Control7",
19378
+ "framework": "CIS Controls v8",
19379
+ "control_name": "Continuous Vulnerability Management"
19380
+ },
19381
+ {
19382
+ "id": "CMMC-2.0-Level-2",
19383
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
19384
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
19385
+ },
19386
+ {
19387
+ "id": "FedRAMP-Rev5-Moderate",
19388
+ "framework": "FedRAMP Rev 5 Moderate",
19389
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
19390
+ },
19391
+ {
19392
+ "id": "IEC-62443-3-3",
19393
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
19394
+ "control_name": "System security requirements and security levels"
19395
+ },
19396
+ {
19397
+ "id": "ISO-27001-2022-A.8.28",
19398
+ "framework": "ISO/IEC 27001:2022",
19399
+ "control_name": "Secure coding"
19400
+ },
19401
+ {
19402
+ "id": "ISO-27001-2022-A.8.8",
19403
+ "framework": "ISO/IEC 27001:2022",
19404
+ "control_name": "Management of technical vulnerabilities"
19405
+ },
19406
+ {
19407
+ "id": "ISO-IEC-23894-2023-clause-7",
19408
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
19409
+ "control_name": "AI risk management process"
19410
+ },
19411
+ {
19412
+ "id": "NERC-CIP-007-6-R4",
19413
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
19414
+ "control_name": "Security event monitoring"
19415
+ },
19416
+ {
19417
+ "id": "NIS2-Art21-patch-management",
19418
+ "framework": "EU NIS2 Directive",
19419
+ "control_name": "Vulnerability handling and disclosure"
19420
+ },
19421
+ {
19422
+ "id": "NIST-800-115",
19423
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
19424
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
19425
+ },
19426
+ {
19427
+ "id": "NIST-800-218-SSDF",
19428
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
19429
+ "control_name": "Secure Software Development Framework"
19430
+ },
19431
+ {
19432
+ "id": "NIST-800-53-AC-2",
19433
+ "framework": "NIST SP 800-53 Rev 5",
19434
+ "control_name": "Account Management"
19435
+ },
19436
+ {
19437
+ "id": "NIST-800-53-SC-8",
19438
+ "framework": "NIST SP 800-53 Rev 5",
19439
+ "control_name": "Transmission Confidentiality and Integrity"
19440
+ },
19441
+ {
19442
+ "id": "NIST-800-53-SI-2",
19443
+ "framework": "NIST SP 800-53 Rev 5",
19444
+ "control_name": "Flaw Remediation"
19445
+ },
19446
+ {
19447
+ "id": "NIST-800-53-SI-3",
19448
+ "framework": "NIST SP 800-53 Rev 5",
19449
+ "control_name": "Malicious Code Protection"
19450
+ },
19451
+ {
19452
+ "id": "NIST-800-82r3",
19453
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
19454
+ "control_name": "Guide to Operational Technology (OT) Security"
19455
+ },
19456
+ {
19457
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
19458
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19459
+ "control_name": "Prompt Injection"
19460
+ },
19461
+ {
19462
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
19463
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19464
+ "control_name": "Sensitive Information Disclosure"
19465
+ },
19466
+ {
19467
+ "id": "OWASP-Pen-Testing-Guide-v5",
19468
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
19469
+ "control_name": "Web application penetration testing methodology"
19470
+ },
19471
+ {
19472
+ "id": "PCI-DSS-4.0-6.3.3",
19473
+ "framework": "PCI DSS 4.0",
19474
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
19475
+ },
19476
+ {
19477
+ "id": "PTES-Pre-engagement",
19478
+ "framework": "Penetration Testing Execution Standard (PTES)",
19479
+ "control_name": "Pre-engagement Interactions"
19480
+ },
19481
+ {
19482
+ "id": "SOC2-CC6-logical-access",
19483
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19484
+ "control_name": "Logical and Physical Access Controls"
19485
+ },
19486
+ {
19487
+ "id": "SOC2-CC9-vendor-management",
19488
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19489
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
19490
+ }
19491
+ ],
19492
+ "attack_refs": [
19493
+ "T0855",
19494
+ "T0883",
19495
+ "T1059",
19496
+ "T1068",
19497
+ "T1078",
19498
+ "T1133",
19499
+ "T1190",
19500
+ "T1548.001",
19501
+ "T1566"
19502
+ ],
19503
+ "rfc_refs": [
19504
+ "RFC-4301",
19505
+ "RFC-4303",
19506
+ "RFC-7296"
19507
+ ]
19508
+ }
19509
+ },
19510
+ "CVE-2026-30625": {
19511
+ "name": "Upsonic MCP Task Allowed-Command Argument Injection RCE",
19512
+ "rwep": 38,
19513
+ "cvss": 9.8,
19514
+ "cisa_kev": false,
19515
+ "epss_score": null,
19516
+ "referencing_skills": [
19517
+ "kernel-lpe-triage",
19518
+ "ai-attack-surface",
19519
+ "compliance-theater",
19520
+ "attack-surface-pentest",
19521
+ "ot-ics-security",
19522
+ "coordinated-vuln-disclosure",
19523
+ "sector-energy"
19524
+ ],
19525
+ "chain": {
19526
+ "cwes": [
19527
+ {
19528
+ "id": "CWE-1037",
19529
+ "name": "Processor Optimization Removal or Modification of Security-critical Code",
19530
+ "category": "Hardware / Side Channel"
19531
+ },
19532
+ {
19533
+ "id": "CWE-1039",
19534
+ "name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
19535
+ "category": "AI/ML"
19536
+ },
19537
+ {
19538
+ "id": "CWE-125",
19539
+ "name": "Out-of-bounds Read",
19540
+ "category": "Memory Safety"
19541
+ },
19542
+ {
19543
+ "id": "CWE-1357",
19544
+ "name": "Reliance on Insufficiently Trustworthy Component",
19545
+ "category": "Supply Chain"
19546
+ },
19547
+ {
19548
+ "id": "CWE-1395",
19549
+ "name": "Dependency on Vulnerable Third-Party Component",
19550
+ "category": "Supply Chain"
19551
+ },
19552
+ {
19553
+ "id": "CWE-1426",
19554
+ "name": "Improper Validation of Generative AI Output",
19555
+ "category": "AI/ML"
19556
+ },
19557
+ {
19558
+ "id": "CWE-22",
19559
+ "name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
19560
+ "category": "Path/Resource"
19561
+ },
19562
+ {
19563
+ "id": "CWE-269",
19564
+ "name": "Improper Privilege Management",
19565
+ "category": "Authorization"
19566
+ },
19567
+ {
19568
+ "id": "CWE-287",
19569
+ "name": "Improper Authentication",
19570
+ "category": "Authentication"
19571
+ },
19572
+ {
19573
+ "id": "CWE-306",
19574
+ "name": "Missing Authentication for Critical Function",
19575
+ "category": "Authentication"
19576
+ },
19577
+ {
19578
+ "id": "CWE-352",
19579
+ "name": "Cross-Site Request Forgery (CSRF)",
19580
+ "category": "Session"
19581
+ },
19582
+ {
19583
+ "id": "CWE-362",
19584
+ "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
19585
+ "category": "Concurrency"
19586
+ },
19587
+ {
19588
+ "id": "CWE-416",
19589
+ "name": "Use After Free",
19590
+ "category": "Memory Safety"
19591
+ },
19592
+ {
19593
+ "id": "CWE-434",
19594
+ "name": "Unrestricted Upload of File with Dangerous Type",
19595
+ "category": "File Handling"
19596
+ },
19597
+ {
19598
+ "id": "CWE-672",
19599
+ "name": "Operation on a Resource after Expiration or Release",
19600
+ "category": "Memory Safety"
19601
+ },
19602
+ {
19603
+ "id": "CWE-732",
19604
+ "name": "Incorrect Permission Assignment for Critical Resource",
19605
+ "category": "Authorization"
19606
+ },
19607
+ {
19608
+ "id": "CWE-78",
19609
+ "name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
19610
+ "category": "Injection"
19611
+ },
19612
+ {
19613
+ "id": "CWE-787",
19614
+ "name": "Out-of-bounds Write",
19615
+ "category": "Memory Safety"
19616
+ },
19617
+ {
19618
+ "id": "CWE-79",
19619
+ "name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
19620
+ "category": "Injection"
19621
+ },
19622
+ {
19623
+ "id": "CWE-798",
19624
+ "name": "Use of Hard-coded Credentials",
19625
+ "category": "Credentials"
19626
+ },
19627
+ {
19628
+ "id": "CWE-89",
19629
+ "name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
19630
+ "category": "Injection"
19631
+ },
19632
+ {
19633
+ "id": "CWE-918",
19634
+ "name": "Server-Side Request Forgery (SSRF)",
19635
+ "category": "Network"
19636
+ },
19637
+ {
19638
+ "id": "CWE-94",
19639
+ "name": "Improper Control of Generation of Code (Code Injection)",
19640
+ "category": "Injection"
19641
+ }
19642
+ ],
19643
+ "atlas": [
19644
+ {
19645
+ "id": "AML.T0010",
19646
+ "name": "ML Supply Chain Compromise",
19647
+ "tactic": "Initial Access"
19648
+ },
19649
+ {
19650
+ "id": "AML.T0016",
19651
+ "name": "Obtain Capabilities: Develop Capabilities",
19652
+ "tactic": "Resource Development"
19653
+ },
19654
+ {
19655
+ "id": "AML.T0017",
19656
+ "name": "Discover ML Model Ontology",
19657
+ "tactic": "Discovery"
19658
+ },
19659
+ {
19660
+ "id": "AML.T0018",
19661
+ "name": "Backdoor ML Model",
19662
+ "tactic": "Persistence"
19663
+ },
19664
+ {
19665
+ "id": "AML.T0020",
19666
+ "name": "Poison Training Data",
19667
+ "tactic": "ML Attack Staging"
19668
+ },
19669
+ {
19670
+ "id": "AML.T0043",
19671
+ "name": "Craft Adversarial Data",
19672
+ "tactic": "ML Attack Staging"
19673
+ },
19674
+ {
19675
+ "id": "AML.T0051",
19676
+ "name": "LLM Prompt Injection",
19677
+ "tactic": "Execution"
19678
+ },
19679
+ {
19680
+ "id": "AML.T0054",
19681
+ "name": "LLM Jailbreak",
19682
+ "tactic": "Defense Evasion"
19683
+ },
19684
+ {
19685
+ "id": "AML.T0096",
19686
+ "name": "AI API as Covert C2 Channel",
19687
+ "tactic": "Command and Control"
19688
+ }
19689
+ ],
19690
+ "d3fend": [
19691
+ {
19692
+ "id": "D3-ASLR",
19693
+ "name": "Address Space Layout Randomization",
19694
+ "tactic": "Harden"
19695
+ },
19696
+ {
19697
+ "id": "D3-CSPP",
19698
+ "name": "Client-server Payload Profiling",
19699
+ "tactic": "Detect"
19700
+ },
19701
+ {
19702
+ "id": "D3-EAL",
19703
+ "name": "Executable Allowlisting",
19704
+ "tactic": "Harden"
19705
+ },
19706
+ {
19707
+ "id": "D3-IOPR",
19708
+ "name": "Input/Output Profiling Resource",
19709
+ "tactic": "Detect"
19710
+ },
19711
+ {
19712
+ "id": "D3-NTA",
19713
+ "name": "Network Traffic Analysis",
19714
+ "tactic": "Detect"
19715
+ },
19716
+ {
19717
+ "id": "D3-PHRA",
19718
+ "name": "Process Hardware Resource Access",
19719
+ "tactic": "Isolate"
19720
+ },
19721
+ {
19722
+ "id": "D3-PSEP",
19723
+ "name": "Process Segment Execution Prevention",
19724
+ "tactic": "Harden"
19725
+ }
19726
+ ],
19727
+ "framework_gaps": [
19728
+ {
19729
+ "id": "ALL-AI-PIPELINE-INTEGRITY",
19730
+ "framework": "ALL",
19731
+ "control_name": "AI Pipeline Integrity"
19732
+ },
19733
+ {
19734
+ "id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
19735
+ "framework": "ALL",
19736
+ "control_name": "Prompt Injection as Access Control Failure"
19737
+ },
19738
+ {
19739
+ "id": "CIS-Controls-v8-Control7",
19740
+ "framework": "CIS Controls v8",
19741
+ "control_name": "Continuous Vulnerability Management"
19742
+ },
19743
+ {
19744
+ "id": "CMMC-2.0-Level-2",
19745
+ "framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
19746
+ "control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
19747
+ },
19748
+ {
19749
+ "id": "FedRAMP-Rev5-Moderate",
19750
+ "framework": "FedRAMP Rev 5 Moderate",
19751
+ "control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
19752
+ },
19753
+ {
19754
+ "id": "IEC-62443-3-3",
19755
+ "framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
19756
+ "control_name": "System security requirements and security levels"
19757
+ },
19758
+ {
19759
+ "id": "ISO-27001-2022-A.8.28",
19760
+ "framework": "ISO/IEC 27001:2022",
19761
+ "control_name": "Secure coding"
19762
+ },
19763
+ {
19764
+ "id": "ISO-27001-2022-A.8.8",
19765
+ "framework": "ISO/IEC 27001:2022",
19766
+ "control_name": "Management of technical vulnerabilities"
19767
+ },
19768
+ {
19769
+ "id": "ISO-IEC-23894-2023-clause-7",
19770
+ "framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
19771
+ "control_name": "AI risk management process"
19772
+ },
19773
+ {
19774
+ "id": "NERC-CIP-007-6-R4",
19775
+ "framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
19776
+ "control_name": "Security event monitoring"
19777
+ },
19778
+ {
19779
+ "id": "NIS2-Art21-patch-management",
19780
+ "framework": "EU NIS2 Directive",
19781
+ "control_name": "Vulnerability handling and disclosure"
19782
+ },
19783
+ {
19784
+ "id": "NIST-800-115",
19785
+ "framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
19786
+ "control_name": "Technical Guide to Information Security Testing and Assessment"
19787
+ },
19788
+ {
19789
+ "id": "NIST-800-218-SSDF",
19790
+ "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
19791
+ "control_name": "Secure Software Development Framework"
19792
+ },
19793
+ {
19794
+ "id": "NIST-800-53-AC-2",
19795
+ "framework": "NIST SP 800-53 Rev 5",
19796
+ "control_name": "Account Management"
19797
+ },
19798
+ {
19799
+ "id": "NIST-800-53-SC-8",
19800
+ "framework": "NIST SP 800-53 Rev 5",
19801
+ "control_name": "Transmission Confidentiality and Integrity"
19802
+ },
19803
+ {
19804
+ "id": "NIST-800-53-SI-2",
19805
+ "framework": "NIST SP 800-53 Rev 5",
19806
+ "control_name": "Flaw Remediation"
19807
+ },
19808
+ {
19809
+ "id": "NIST-800-53-SI-3",
19810
+ "framework": "NIST SP 800-53 Rev 5",
19811
+ "control_name": "Malicious Code Protection"
19812
+ },
19813
+ {
19814
+ "id": "NIST-800-82r3",
19815
+ "framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
19816
+ "control_name": "Guide to Operational Technology (OT) Security"
19817
+ },
19818
+ {
19819
+ "id": "OWASP-LLM-Top-10-2025-LLM01",
19820
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19821
+ "control_name": "Prompt Injection"
19822
+ },
19823
+ {
19824
+ "id": "OWASP-LLM-Top-10-2025-LLM02",
19825
+ "framework": "OWASP Top 10 for LLM Applications 2025",
19826
+ "control_name": "Sensitive Information Disclosure"
19827
+ },
19828
+ {
19829
+ "id": "OWASP-Pen-Testing-Guide-v5",
19830
+ "framework": "OWASP Web Security Testing Guide v5 (WSTG)",
19831
+ "control_name": "Web application penetration testing methodology"
19832
+ },
19833
+ {
19834
+ "id": "PCI-DSS-4.0-6.3.3",
19835
+ "framework": "PCI DSS 4.0",
19836
+ "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
19837
+ },
19838
+ {
19839
+ "id": "PTES-Pre-engagement",
19840
+ "framework": "Penetration Testing Execution Standard (PTES)",
19841
+ "control_name": "Pre-engagement Interactions"
19842
+ },
19843
+ {
19844
+ "id": "SOC2-CC6-logical-access",
19845
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19846
+ "control_name": "Logical and Physical Access Controls"
19847
+ },
19848
+ {
19849
+ "id": "SOC2-CC9-vendor-management",
19850
+ "framework": "SOC 2 (AICPA Trust Services Criteria)",
19851
+ "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
19852
+ }
19853
+ ],
19854
+ "attack_refs": [
19855
+ "T0855",
19856
+ "T0883",
19857
+ "T1059",
19858
+ "T1068",
19859
+ "T1078",
19860
+ "T1133",
19861
+ "T1190",
19862
+ "T1548.001",
19863
+ "T1566"
19864
+ ],
19865
+ "rfc_refs": [
19866
+ "RFC-4301",
19867
+ "RFC-4303",
19868
+ "RFC-7296"
19869
+ ]
19870
+ }
19871
+ },
17338
19872
  "CVE-2026-41091": {
17339
19873
  "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
17340
19874
  "rwep": 45,
@@ -43725,12 +46259,19 @@
43725
46259
  "CVE-2025-53773",
43726
46260
  "CVE-2025-54136",
43727
46261
  "CVE-2025-6965",
46262
+ "CVE-2026-22252",
46263
+ "CVE-2026-22688",
43728
46264
  "CVE-2026-25592",
43729
46265
  "CVE-2026-30615",
46266
+ "CVE-2026-30616",
46267
+ "CVE-2026-30617",
43730
46268
  "CVE-2026-30623",
46269
+ "CVE-2026-30624",
46270
+ "CVE-2026-30625",
43731
46271
  "CVE-2026-31431",
43732
46272
  "CVE-2026-34926",
43733
46273
  "CVE-2026-39884",
46274
+ "CVE-2026-40933",
43734
46275
  "CVE-2026-41091",
43735
46276
  "CVE-2026-42208",
43736
46277
  "CVE-2026-45321",
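Review bot: The seven IDs added here (`"CVE-2026-22252"` through `"CVE-2026-40933"`) go into an array whose key lies outside the hunk, and the same seven are added to every index list in the hunks that follow, so the mapping looks inherited from `referencing_skills` rather than derived per CVE. The visible record for CVE-2026-30625, titled as an argument-injection RCE, supports that reading: its `chain` carries `CWE-416`, `CWE-89` and `RFC-4301`. If these arrays are reverse indexes by CWE, framework gap or technique, which I cannot confirm from the hunk, a defender filtering on one of them gets MCP command-injection entries mixed in with unrelated weakness classes. I would keep each new ID only in the indexes its own advisory supports, or mark inherited links with a field such as `"mapping_source": "inherited-from-skill"` so consumers can tell them apart.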
@@ -44072,11 +46613,18 @@
44072
46613
  "CVE-2025-49596",
44073
46614
  "CVE-2025-54136",
44074
46615
  "CVE-2025-6965",
46616
+ "CVE-2026-22252",
46617
+ "CVE-2026-22688",
44075
46618
  "CVE-2026-25592",
46619
+ "CVE-2026-30616",
46620
+ "CVE-2026-30617",
44076
46621
  "CVE-2026-30623",
46622
+ "CVE-2026-30624",
46623
+ "CVE-2026-30625",
44077
46624
  "CVE-2026-31431",
44078
46625
  "CVE-2026-34926",
44079
46626
  "CVE-2026-39884",
46627
+ "CVE-2026-40933",
44080
46628
  "CVE-2026-41091",
44081
46629
  "CVE-2026-42208",
44082
46630
  "CVE-2026-45321",
@@ -44214,11 +46762,18 @@
44214
46762
  "CVE-2025-49596",
44215
46763
  "CVE-2025-54136",
44216
46764
  "CVE-2025-6965",
46765
+ "CVE-2026-22252",
46766
+ "CVE-2026-22688",
44217
46767
  "CVE-2026-25592",
46768
+ "CVE-2026-30616",
46769
+ "CVE-2026-30617",
44218
46770
  "CVE-2026-30623",
46771
+ "CVE-2026-30624",
46772
+ "CVE-2026-30625",
44219
46773
  "CVE-2026-31431",
44220
46774
  "CVE-2026-34926",
44221
46775
  "CVE-2026-39884",
46776
+ "CVE-2026-40933",
44222
46777
  "CVE-2026-41091",
44223
46778
  "CVE-2026-42208",
44224
46779
  "CVE-2026-45321",
@@ -44370,11 +46925,18 @@
44370
46925
  "CVE-2025-49596",
44371
46926
  "CVE-2025-54136",
44372
46927
  "CVE-2025-6965",
46928
+ "CVE-2026-22252",
46929
+ "CVE-2026-22688",
44373
46930
  "CVE-2026-25592",
46931
+ "CVE-2026-30616",
46932
+ "CVE-2026-30617",
44374
46933
  "CVE-2026-30623",
46934
+ "CVE-2026-30624",
46935
+ "CVE-2026-30625",
44375
46936
  "CVE-2026-31431",
44376
46937
  "CVE-2026-34926",
44377
46938
  "CVE-2026-39884",
46939
+ "CVE-2026-40933",
44378
46940
  "CVE-2026-41091",
44379
46941
  "CVE-2026-42208",
44380
46942
  "CVE-2026-45321",
@@ -44631,13 +47193,20 @@
44631
47193
  "CVE-2025-53773",
44632
47194
  "CVE-2025-54136",
44633
47195
  "CVE-2025-6965",
47196
+ "CVE-2026-22252",
47197
+ "CVE-2026-22688",
44634
47198
  "CVE-2026-22778",
44635
47199
  "CVE-2026-25592",
44636
47200
  "CVE-2026-30615",
47201
+ "CVE-2026-30616",
47202
+ "CVE-2026-30617",
44637
47203
  "CVE-2026-30623",
47204
+ "CVE-2026-30624",
47205
+ "CVE-2026-30625",
44638
47206
  "CVE-2026-32202",
44639
47207
  "CVE-2026-33825",
44640
47208
  "CVE-2026-39884",
47209
+ "CVE-2026-40933",
44641
47210
  "CVE-2026-42208",
44642
47211
  "CVE-2026-45321",
44643
47212
  "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
@@ -45020,6 +47589,8 @@
45020
47589
  "CVE-2026-21525",
45021
47590
  "CVE-2026-21533",
45022
47591
  "CVE-2026-21643",
47592
+ "CVE-2026-22252",
47593
+ "CVE-2026-22688",
45023
47594
  "CVE-2026-22719",
45024
47595
  "CVE-2026-22769",
45025
47596
  "CVE-2026-23760",
@@ -45030,6 +47601,10 @@
45030
47601
  "CVE-2026-25108",
45031
47602
  "CVE-2026-25592",
45032
47603
  "CVE-2026-3055",
47604
+ "CVE-2026-30616",
47605
+ "CVE-2026-30617",
47606
+ "CVE-2026-30624",
47607
+ "CVE-2026-30625",
45033
47608
  "CVE-2026-31431",
45034
47609
  "CVE-2026-31635",
45035
47610
  "CVE-2026-32201",
@@ -45045,6 +47620,7 @@
45045
47620
  "CVE-2026-3909",
45046
47621
  "CVE-2026-3910",
45047
47622
  "CVE-2026-39884",
47623
+ "CVE-2026-40933",
45048
47624
  "CVE-2026-41091",
45049
47625
  "CVE-2026-41940",
45050
47626
  "CVE-2026-42897",
@@ -45643,12 +48219,19 @@
45643
48219
  "CVE-2025-53773",
45644
48220
  "CVE-2025-54136",
45645
48221
  "CVE-2025-6965",
48222
+ "CVE-2026-22252",
48223
+ "CVE-2026-22688",
45646
48224
  "CVE-2026-25592",
45647
48225
  "CVE-2026-30615",
48226
+ "CVE-2026-30616",
48227
+ "CVE-2026-30617",
45648
48228
  "CVE-2026-30623",
48229
+ "CVE-2026-30624",
48230
+ "CVE-2026-30625",
45649
48231
  "CVE-2026-31431",
45650
48232
  "CVE-2026-34926",
45651
48233
  "CVE-2026-39884",
48234
+ "CVE-2026-40933",
45652
48235
  "CVE-2026-41091",
45653
48236
  "CVE-2026-42208",
45654
48237
  "CVE-2026-45321",
@@ -46224,12 +48807,19 @@
46224
48807
  "CVE-2025-53773",
46225
48808
  "CVE-2025-54136",
46226
48809
  "CVE-2025-6965",
48810
+ "CVE-2026-22252",
48811
+ "CVE-2026-22688",
46227
48812
  "CVE-2026-25592",
46228
48813
  "CVE-2026-30615",
48814
+ "CVE-2026-30616",
48815
+ "CVE-2026-30617",
46229
48816
  "CVE-2026-30623",
48817
+ "CVE-2026-30624",
48818
+ "CVE-2026-30625",
46230
48819
  "CVE-2026-31431",
46231
48820
  "CVE-2026-34926",
46232
48821
  "CVE-2026-39884",
48822
+ "CVE-2026-40933",
46233
48823
  "CVE-2026-41091",
46234
48824
  "CVE-2026-42208",
46235
48825
  "CVE-2026-45321",
@@ -46439,11 +49029,18 @@
46439
49029
  "CVE-2025-49596",
46440
49030
  "CVE-2025-53773",
46441
49031
  "CVE-2025-54136",
49032
+ "CVE-2026-22252",
49033
+ "CVE-2026-22688",
46442
49034
  "CVE-2026-25592",
46443
49035
  "CVE-2026-30615",
49036
+ "CVE-2026-30616",
49037
+ "CVE-2026-30617",
49038
+ "CVE-2026-30624",
49039
+ "CVE-2026-30625",
46444
49040
  "CVE-2026-31431",
46445
49041
  "CVE-2026-34926",
46446
49042
  "CVE-2026-39884",
49043
+ "CVE-2026-40933",
46447
49044
  "CVE-2026-41091",
46448
49045
  "CVE-2026-45321",
46449
49046
  "CVE-2026-45498",
@@ -47088,12 +49685,19 @@
47088
49685
  "CVE-2025-53773",
47089
49686
  "CVE-2025-54136",
47090
49687
  "CVE-2025-6965",
49688
+ "CVE-2026-22252",
49689
+ "CVE-2026-22688",
47091
49690
  "CVE-2026-25592",
47092
49691
  "CVE-2026-30615",
49692
+ "CVE-2026-30616",
49693
+ "CVE-2026-30617",
47093
49694
  "CVE-2026-30623",
49695
+ "CVE-2026-30624",
49696
+ "CVE-2026-30625",
47094
49697
  "CVE-2026-31431",
47095
49698
  "CVE-2026-34926",
47096
49699
  "CVE-2026-39884",
49700
+ "CVE-2026-40933",
47097
49701
  "CVE-2026-41091",
47098
49702
  "CVE-2026-42208",
47099
49703
  "CVE-2026-45321",
@@ -47480,6 +50084,8 @@
47480
50084
  "CVE-2026-21525",
47481
50085
  "CVE-2026-21533",
47482
50086
  "CVE-2026-21643",
50087
+ "CVE-2026-22252",
50088
+ "CVE-2026-22688",
47483
50089
  "CVE-2026-22719",
47484
50090
  "CVE-2026-22769",
47485
50091
  "CVE-2026-23760",
@@ -47490,6 +50096,10 @@
47490
50096
  "CVE-2026-25108",
47491
50097
  "CVE-2026-25592",
47492
50098
  "CVE-2026-3055",
50099
+ "CVE-2026-30616",
50100
+ "CVE-2026-30617",
50101
+ "CVE-2026-30624",
50102
+ "CVE-2026-30625",
47493
50103
  "CVE-2026-31431",
47494
50104
  "CVE-2026-31635",
47495
50105
  "CVE-2026-32201",
@@ -47505,6 +50115,7 @@
47505
50115
  "CVE-2026-3909",
47506
50116
  "CVE-2026-3910",
47507
50117
  "CVE-2026-39884",
50118
+ "CVE-2026-40933",
47508
50119
  "CVE-2026-41091",
47509
50120
  "CVE-2026-41940",
47510
50121
  "CVE-2026-42897",
@@ -47882,6 +50493,8 @@
47882
50493
  "CVE-2026-21525",
47883
50494
  "CVE-2026-21533",
47884
50495
  "CVE-2026-21643",
50496
+ "CVE-2026-22252",
50497
+ "CVE-2026-22688",
47885
50498
  "CVE-2026-22719",
47886
50499
  "CVE-2026-22769",
47887
50500
  "CVE-2026-23760",
@@ -47892,6 +50505,10 @@
47892
50505
  "CVE-2026-25108",
47893
50506
  "CVE-2026-25592",
47894
50507
  "CVE-2026-3055",
50508
+ "CVE-2026-30616",
50509
+ "CVE-2026-30617",
50510
+ "CVE-2026-30624",
50511
+ "CVE-2026-30625",
47895
50512
  "CVE-2026-31431",
47896
50513
  "CVE-2026-31635",
47897
50514
  "CVE-2026-32201",
@@ -47907,6 +50524,7 @@
47907
50524
  "CVE-2026-3909",
47908
50525
  "CVE-2026-3910",
47909
50526
  "CVE-2026-39884",
50527
+ "CVE-2026-40933",
47910
50528
  "CVE-2026-41091",
47911
50529
  "CVE-2026-41940",
47912
50530
  "CVE-2026-42897",
@@ -48146,12 +50764,19 @@
48146
50764
  "CVE-2025-53773",
48147
50765
  "CVE-2025-54136",
48148
50766
  "CVE-2025-6965",
50767
+ "CVE-2026-22252",
50768
+ "CVE-2026-22688",
48149
50769
  "CVE-2026-25592",
48150
50770
  "CVE-2026-30615",
50771
+ "CVE-2026-30616",
50772
+ "CVE-2026-30617",
48151
50773
  "CVE-2026-30623",
50774
+ "CVE-2026-30624",
50775
+ "CVE-2026-30625",
48152
50776
  "CVE-2026-31431",
48153
50777
  "CVE-2026-34926",
48154
50778
  "CVE-2026-39884",
50779
+ "CVE-2026-40933",
48155
50780
  "CVE-2026-41091",
48156
50781
  "CVE-2026-42208",
48157
50782
  "CVE-2026-45321",
@@ -49090,6 +51715,8 @@
49090
51715
  "CVE-2026-21525",
49091
51716
  "CVE-2026-21533",
49092
51717
  "CVE-2026-21643",
51718
+ "CVE-2026-22252",
51719
+ "CVE-2026-22688",
49093
51720
  "CVE-2026-22719",
49094
51721
  "CVE-2026-22769",
49095
51722
  "CVE-2026-23760",
@@ -49100,6 +51727,10 @@
49100
51727
  "CVE-2026-25108",
49101
51728
  "CVE-2026-25592",
49102
51729
  "CVE-2026-3055",
51730
+ "CVE-2026-30616",
51731
+ "CVE-2026-30617",
51732
+ "CVE-2026-30624",
51733
+ "CVE-2026-30625",
49103
51734
  "CVE-2026-31431",
49104
51735
  "CVE-2026-31635",
49105
51736
  "CVE-2026-32201",
@@ -49115,6 +51746,7 @@
49115
51746
  "CVE-2026-3909",
49116
51747
  "CVE-2026-3910",
49117
51748
  "CVE-2026-39884",
51749
+ "CVE-2026-40933",
49118
51750
  "CVE-2026-41091",
49119
51751
  "CVE-2026-41940",
49120
51752
  "CVE-2026-42897",
@@ -49418,12 +52050,19 @@
49418
52050
  "CVE-2025-53773",
49419
52051
  "CVE-2025-54136",
49420
52052
  "CVE-2025-6965",
52053
+ "CVE-2026-22252",
52054
+ "CVE-2026-22688",
49421
52055
  "CVE-2026-25592",
49422
52056
  "CVE-2026-30615",
52057
+ "CVE-2026-30616",
52058
+ "CVE-2026-30617",
49423
52059
  "CVE-2026-30623",
52060
+ "CVE-2026-30624",
52061
+ "CVE-2026-30625",
49424
52062
  "CVE-2026-31431",
49425
52063
  "CVE-2026-34926",
49426
52064
  "CVE-2026-39884",
52065
+ "CVE-2026-40933",
49427
52066
  "CVE-2026-41091",
49428
52067
  "CVE-2026-42208",
49429
52068
  "CVE-2026-45321",
@@ -49893,6 +52532,8 @@
49893
52532
  "CVE-2026-21525",
49894
52533
  "CVE-2026-21533",
49895
52534
  "CVE-2026-21643",
52535
+ "CVE-2026-22252",
52536
+ "CVE-2026-22688",
49896
52537
  "CVE-2026-22719",
49897
52538
  "CVE-2026-22769",
49898
52539
  "CVE-2026-23760",
@@ -49904,7 +52545,11 @@
49904
52545
  "CVE-2026-25592",
49905
52546
  "CVE-2026-3055",
49906
52547
  "CVE-2026-30615",
52548
+ "CVE-2026-30616",
52549
+ "CVE-2026-30617",
49907
52550
  "CVE-2026-30623",
52551
+ "CVE-2026-30624",
52552
+ "CVE-2026-30625",
49908
52553
  "CVE-2026-31431",
49909
52554
  "CVE-2026-31635",
49910
52555
  "CVE-2026-32201",
@@ -49920,6 +52565,7 @@
49920
52565
  "CVE-2026-3909",
49921
52566
  "CVE-2026-3910",
49922
52567
  "CVE-2026-39884",
52568
+ "CVE-2026-40933",
49923
52569
  "CVE-2026-41091",
49924
52570
  "CVE-2026-41940",
49925
52571
  "CVE-2026-42897",
@@ -50233,11 +52879,18 @@
50233
52879
  "CVE-2025-49844",
50234
52880
  "CVE-2025-53773",
50235
52881
  "CVE-2025-54136",
52882
+ "CVE-2026-22252",
52883
+ "CVE-2026-22688",
50236
52884
  "CVE-2026-25592",
50237
52885
  "CVE-2026-30615",
52886
+ "CVE-2026-30616",
52887
+ "CVE-2026-30617",
52888
+ "CVE-2026-30624",
52889
+ "CVE-2026-30625",
50238
52890
  "CVE-2026-31431",
50239
52891
  "CVE-2026-34926",
50240
52892
  "CVE-2026-39884",
52893
+ "CVE-2026-40933",
50241
52894
  "CVE-2026-41091",
50242
52895
  "CVE-2026-45321",
50243
52896
  "CVE-2026-45498",
@@ -51151,12 +53804,19 @@
51151
53804
  "CVE-2025-53773",
51152
53805
  "CVE-2025-54136",
51153
53806
  "CVE-2025-6965",
53807
+ "CVE-2026-22252",
53808
+ "CVE-2026-22688",
51154
53809
  "CVE-2026-25592",
51155
53810
  "CVE-2026-30615",
53811
+ "CVE-2026-30616",
53812
+ "CVE-2026-30617",
51156
53813
  "CVE-2026-30623",
53814
+ "CVE-2026-30624",
53815
+ "CVE-2026-30625",
51157
53816
  "CVE-2026-31431",
51158
53817
  "CVE-2026-34926",
51159
53818
  "CVE-2026-39884",
53819
+ "CVE-2026-40933",
51160
53820
  "CVE-2026-41091",
51161
53821
  "CVE-2026-42208",
51162
53822
  "CVE-2026-45321",
@@ -51225,10 +53885,17 @@
51225
53885
  "CVE-2025-43300",
51226
53886
  "CVE-2025-49596",
51227
53887
  "CVE-2025-54136",
53888
+ "CVE-2026-22252",
53889
+ "CVE-2026-22688",
51228
53890
  "CVE-2026-25592",
53891
+ "CVE-2026-30616",
53892
+ "CVE-2026-30617",
53893
+ "CVE-2026-30624",
53894
+ "CVE-2026-30625",
51229
53895
  "CVE-2026-31431",
51230
53896
  "CVE-2026-34926",
51231
53897
  "CVE-2026-39884",
53898
+ "CVE-2026-40933",
51232
53899
  "CVE-2026-41091",
51233
53900
  "CVE-2026-45321",
51234
53901
  "CVE-2026-45498",
@@ -51375,12 +54042,19 @@
51375
54042
  "CVE-2025-53773",
51376
54043
  "CVE-2025-54136",
51377
54044
  "CVE-2025-6965",
54045
+ "CVE-2026-22252",
54046
+ "CVE-2026-22688",
51378
54047
  "CVE-2026-22778",
51379
54048
  "CVE-2026-25592",
54049
+ "CVE-2026-30616",
54050
+ "CVE-2026-30617",
51380
54051
  "CVE-2026-30623",
54052
+ "CVE-2026-30624",
54053
+ "CVE-2026-30625",
51381
54054
  "CVE-2026-32202",
51382
54055
  "CVE-2026-33825",
51383
54056
  "CVE-2026-39884",
54057
+ "CVE-2026-40933",
51384
54058
  "CVE-2026-42208"
51385
54059
  ]
51386
54060
  },
@@ -51946,6 +54620,8 @@
51946
54620
  "CVE-2026-21525",
51947
54621
  "CVE-2026-21533",
51948
54622
  "CVE-2026-21643",
54623
+ "CVE-2026-22252",
54624
+ "CVE-2026-22688",
51949
54625
  "CVE-2026-22719",
51950
54626
  "CVE-2026-22769",
51951
54627
  "CVE-2026-23760",
@@ -51957,6 +54633,10 @@
51957
54633
  "CVE-2026-25592",
51958
54634
  "CVE-2026-3055",
51959
54635
  "CVE-2026-30615",
54636
+ "CVE-2026-30616",
54637
+ "CVE-2026-30617",
54638
+ "CVE-2026-30624",
54639
+ "CVE-2026-30625",
51960
54640
  "CVE-2026-31431",
51961
54641
  "CVE-2026-31635",
51962
54642
  "CVE-2026-32201",
@@ -51969,6 +54649,7 @@
51969
54649
  "CVE-2026-35616",
51970
54650
  "CVE-2026-3909",
51971
54651
  "CVE-2026-3910",
54652
+ "CVE-2026-40933",
51972
54653
  "CVE-2026-41091",
51973
54654
  "CVE-2026-41940",
51974
54655
  "CVE-2026-42945",
@@ -52209,12 +54890,19 @@
52209
54890
  "CVE-2025-53773",
52210
54891
  "CVE-2025-54136",
52211
54892
  "CVE-2025-6965",
54893
+ "CVE-2026-22252",
54894
+ "CVE-2026-22688",
52212
54895
  "CVE-2026-25592",
52213
54896
  "CVE-2026-30615",
54897
+ "CVE-2026-30616",
54898
+ "CVE-2026-30617",
52214
54899
  "CVE-2026-30623",
54900
+ "CVE-2026-30624",
54901
+ "CVE-2026-30625",
52215
54902
  "CVE-2026-31431",
52216
54903
  "CVE-2026-34926",
52217
54904
  "CVE-2026-39884",
54905
+ "CVE-2026-40933",
52218
54906
  "CVE-2026-41091",
52219
54907
  "CVE-2026-45321",
52220
54908
  "CVE-2026-45498",
@@ -52481,13 +55169,20 @@
52481
55169
  "CVE-2025-53773",
52482
55170
  "CVE-2025-54136",
52483
55171
  "CVE-2025-6965",
55172
+ "CVE-2026-22252",
55173
+ "CVE-2026-22688",
52484
55174
  "CVE-2026-22778",
52485
55175
  "CVE-2026-25592",
52486
55176
  "CVE-2026-30615",
55177
+ "CVE-2026-30616",
55178
+ "CVE-2026-30617",
52487
55179
  "CVE-2026-30623",
55180
+ "CVE-2026-30624",
55181
+ "CVE-2026-30625",
52488
55182
  "CVE-2026-32202",
52489
55183
  "CVE-2026-33825",
52490
55184
  "CVE-2026-39884",
55185
+ "CVE-2026-40933",
52491
55186
  "CVE-2026-42208",
52492
55187
  "CVE-2026-42897",
52493
55188
  "CVE-2026-43284",