@blamejs/exceptd-skills 0.13.75 → 0.13.77

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.77 — 2026-05-25
+
+CVE catalog — two current additions. **CVE-2026-9082** (Drupal core, SA-CORE-2026-004, CWE-89, NIST CVSS 9.8) is an unauthenticated SQL injection in the database abstraction layer reachable via JSON:API on PostgreSQL-backed sites; CISA added it to the KEV catalog on 2026-05-22 with a 2026-05-27 remediation due date, so it scores RWEP P1 (78) on confirmed exploitation. Fixed in the SA-CORE-2026-004 releases (10.4.10 / 10.5.10 / 10.6.9 / 11.1.10 / 11.2.12 / 11.3.10). Its zero-day lesson adds a control requiring parameterization to be verified at the database abstraction layer — not assumed from application-layer input validation or a perimeter WAF. **CVE-2026-26015** (DocsGPT, CWE-77, NIST CVSS 9.8 / GitHub 10.0) completes the MCP command-injection family: a crafted payload bypasses the MCP validation step to run shell commands without authentication; fixed in 0.16.0. Both carry CWE + ATT&CK mappings, global-first framework gaps, and behavioral IoCs. CVE count 331 → 333.
+
+## 0.13.76 — 2026-05-25
+
+CVE catalog — MCP command-injection family expansion: adds five more verified entries from the 2026 MCP supply-chain advisory, all variations of the same root cause where an AI framework hands caller-supplied command/args to its MCP transport and executes them. **CVE-2026-40933** (FlowiseAI Flowise, CWE-78, NIST CVSS 9.9) — an authenticated user bypasses Custom-MCP command sanitization by pairing an allow-listed binary (npx) with execution flags; fixed in 3.1.0. **CVE-2026-30625** (Upsonic, CWE-77, NIST CVSS 9.8) — MCP task creation allow-lists npm/npx whose argument flags re-enable arbitrary command execution; 0.72.0 adds a warning, not a confirmed fix. **CVE-2026-30617** (Langchain-Chatchat, CWE-77, NIST CVSS 8.6) — an exposed MCP management interface lets a caller configure a malicious stdio command. **CVE-2026-30624** (Agent Zero, CWE-77, NIST CVSS 8.6) — MCP server configurations execute without adequate validation. **CVE-2026-30616** (Jaaz, CWE-77, NIST CVSS 7.3) — MCP stdio command-execution handling runs configured commands unsanitized. Each carries CWE + ATT&CK T1190/T1059 mappings, global-first framework gaps, behavioral IoCs, and RWEP scoring; all map to the MCP-transport command-governance controls already established for this class. CVE count 326 → 331.
+
 ## 0.13.75 — 2026-05-25
 
 CVE catalog — MCP stdio transport RCE class: adds two more from the 2026 MCP supply-chain advisory, both where the MCP stdio transport runs caller-supplied commands. **CVE-2026-22252** (LibreChat, CWE-285, NIST CVSS 9.9) — the MCP stdio transport accepts arbitrary commands without authorization, so any authenticated user executes shell commands as root inside the container via one API request; fixed in 0.8.2-rc2. **CVE-2026-22688** (Tencent WeKnora, CWE-77, NIST CVSS 8.8) — authenticated users inject `stdio_config.command/args` into MCP settings, causing the server to spawn attacker-supplied subprocesses; fixed in 0.2.5. Both not KEV, RWEP P3 (30 each). Each carries CWE + ATT&CK T1190/T1059 mappings, global-first framework gaps, behavioral IoCs, and a zero-day lesson with a new control (NEW-CTRL-083/084) requiring the MCP stdio transport to authorize callers and validate/neutralize the commands it is handed rather than treating ordinary user auth as an execution boundary. CVE count 324 → 326.

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-25T14:23:11.654Z",
+  "generated_at": "2026-05-25T15:37:01.228Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "41fa2fbe736228d38efe569214f54641dc04f3412cb641f37142409b98528edf",
+    "manifest.json": "5eb494e992f4b9efdd66160b6f86bac028df90ff0d1d82fb12c94d82a66f10bc",
     "data/atlas-ttps.json": "07e28f5fe196d8e16082968ce36e4d33b720a024a9c00afd10ddc076a8ae8935",
-    "data/attack-techniques.json": "192f539589fdae09e1271f44e2384205cf7a17a835bc08400d757896282362ee",
-    "data/cve-catalog.json": "ccec1ebcafae51d12c0f6d3fc62567fd91c002de4d67154429efd7450dd27cc3",
-    "data/cwe-catalog.json": "0a8250fa479efcabc88d72c774f7dca7f1b680087161513d489beaf535a4c531",
+    "data/attack-techniques.json": "bd0a3543c975d7454401acdee260b00685f0e54010878144daa5dd7fcd5335de",
+    "data/cve-catalog.json": "7b12779c6a459dbcf303c46bba7d05cc4b54e697741b4cfddf2732e7e3c334b2",
+    "data/cwe-catalog.json": "3f9c1c34914b5947378f6449bc4977e68472209def736b98fe2b0a310d545d65",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "fb08c4b82c1a7152a3ba75bf0eda4564ca4c89649e77e74083e941e1d3a76d93",
+    "data/framework-control-gaps.json": "2dad9eda3c8470436d9c6df7aabfeb751d924651b407c3877e80a652f51b44fc",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
-    "data/zeroday-lessons.json": "1213db6cbc5d54b093d05c2061b4c037f0cc968cc82cc051a396f9b1e72dca72",
+    "data/zeroday-lessons.json": "a68ba34b20d287d70fc4b19e7cb181a22567dd9ea5b3f8bb154084ade826a857",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
     "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 315,
+    "chains_cve_entries": 322,
     "chains_cwe_entries": 171,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -149,7 +149,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 326
+      "entry_count": 333
     },
     {
       "date": "2026-05-18",
@@ -165,7 +165,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 321
+      "entry_count": 328
     },
     {
       "date": "2026-05-17",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 326,
+      "entry_count": 333,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 321,
+      "entry_count": 328,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",