@blamejs/exceptd-skills 0.13.87 → 0.13.89

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.034,
+      "current_rate": 0.033,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -12979,6 +12979,637 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Gradio's /file route containment check was flawed, allowing path traversal arbitrary file read (and SSRF) on a public Gradio app (CWE-22); fixed in 4.11.0."
   },
+  "CVE-2024-11392": {
+    "name": "Hugging Face Transformers MobileViTV2 Deserialization Remote Code Execution",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 8.8 (HIGH). Deserialization of untrusted data in the MobileViTV2 loader's configuration files (CWE-502); requires a user to load a malicious model/config (UI:R).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Disclosed via the Trend Micro Zero Day Initiative and tracked in the Hugging Face Transformers advisory issue (#34840): a crafted MobileViTV2 configuration file contains a serialized object that executes code when Hugging Face Transformers loads it.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed through the Trend Micro Zero Day Initiative. The abused surface is a model loader in Hugging Face Transformers, the foundational ML library; an untrusted model artifact is executable code at load time.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unsafe deserialization of ML model artifacts.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "ZDI coordinated disclosure with a fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Hugging Face Transformers before 4.48.0 (the MobileViTV2 loader). Fixed in 4.48.0.",
+    "affected_versions": [
+      "Hugging Face Transformers < 4.48.0"
+    ],
+    "vector": "Hugging Face Transformers' MobileViTV2 loader deserializes untrusted data from configuration files without validation (CWE-502). A user who loads a malicious MobileViTV2 model/config from an untrusted source (e.g. a model hub) executes attacker-controlled code in their process.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N / UI:R — requires a user to load the malicious model/config.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading Hugging Face Transformers to 4.48.0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Hugging Face Transformers to 4.48.0 or later. Only load models/configs from trusted sources, verify provenance, and load untrusted models in a sandboxed, least-privilege environment."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the foundational ML library's model loaders as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to model artifacts/configs the library deserializes at load time.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the ML library's model-loading path as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach ML-library model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-model-artifact loading in the core ML library as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating model artifacts as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out the foundational ML library's model loaders.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model artifact as untrusted executable input; loading one from an untrusted source through Transformers is RCE."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 33, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=28 (Hugging Face Transformers is the foundational ML library) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-11392",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during Hugging Face Transformers loading of a MobileViTV2 model or config from an external source.",
+        "A MobileViTV2 model artifact / config from a model hub or user upload whose serialized content resolves to code execution.",
+        "Loading models without provenance verification through Transformers < 4.48.0.",
+        "Hugging Face Transformers < 4.48.0 loading untrusted MobileViTV2 artifacts — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the Hugging Face Transformers advisory issue (https://github.com/huggingface/transformers/issues/34840, ZDI-coordinated) and NVD CVE-2024-11392 (CWE-502). The MobileViTV2 loader deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-11392",
+      "https://github.com/huggingface/transformers/issues/34840",
+      "https://github.com/huggingface/transformers/issues/34840"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Hugging Face Transformers advisory (ZDI-coordinated)",
+        "advisory_id": "CVE-2024-11392",
+        "url": "https://github.com/huggingface/transformers/issues/34840",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-11392",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11392",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 8.8) + the Trend Micro Zero Day Initiative advisory. Member of the Hugging Face Transformers model-loader deserialization family (untrusted model artifact equals executable code); same class as the Keras model-deserialization entries.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Hugging Face Transformers' MobileViTV2 loader deserializes untrusted configuration files (CWE-502), so loading a malicious model/config executes code; fixed in 4.48.0."
+  },
+  "CVE-2024-11393": {
+    "name": "Hugging Face Transformers MaskFormer Deserialization Remote Code Execution",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 8.8 (HIGH). Deserialization of untrusted data in the MaskFormer loader's model files (CWE-502); requires a user to load a malicious model/config (UI:R).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Disclosed via the Trend Micro Zero Day Initiative and tracked in the Hugging Face Transformers advisory issue (#34840): a crafted MaskFormer model file contains a serialized object that executes code when Hugging Face Transformers loads it.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed through the Trend Micro Zero Day Initiative. The abused surface is a model loader in Hugging Face Transformers, the foundational ML library; an untrusted model artifact is executable code at load time.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unsafe deserialization of ML model artifacts.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "ZDI coordinated disclosure with a fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Hugging Face Transformers before 4.48.0 (the MaskFormer loader). Fixed in 4.48.0.",
+    "affected_versions": [
+      "Hugging Face Transformers < 4.48.0"
+    ],
+    "vector": "Hugging Face Transformers' MaskFormer loader deserializes untrusted data from model files without validation (CWE-502). A user who loads a malicious MaskFormer model/config from an untrusted source (e.g. a model hub) executes attacker-controlled code in their process.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N / UI:R — requires a user to load the malicious model/config.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading Hugging Face Transformers to 4.48.0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Hugging Face Transformers to 4.48.0 or later. Only load models/configs from trusted sources, verify provenance, and load untrusted models in a sandboxed, least-privilege environment."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the foundational ML library's model loaders as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to model artifacts/configs the library deserializes at load time.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the ML library's model-loading path as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach ML-library model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-model-artifact loading in the core ML library as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating model artifacts as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out the foundational ML library's model loaders.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model artifact as untrusted executable input; loading one from an untrusted source through Transformers is RCE."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 33, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=28 (Hugging Face Transformers is the foundational ML library) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-11393",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during Hugging Face Transformers loading of a MaskFormer model or config from an external source.",
+        "A MaskFormer model artifact / config from a model hub or user upload whose serialized content resolves to code execution.",
+        "Loading models without provenance verification through Transformers < 4.48.0.",
+        "Hugging Face Transformers < 4.48.0 loading untrusted MaskFormer artifacts — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the Hugging Face Transformers advisory issue (https://github.com/huggingface/transformers/issues/34840, ZDI-coordinated) and NVD CVE-2024-11393 (CWE-502). The MaskFormer loader deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-11393",
+      "https://github.com/huggingface/transformers/issues/34840",
+      "https://github.com/huggingface/transformers/issues/34840"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Hugging Face Transformers advisory (ZDI-coordinated)",
+        "advisory_id": "CVE-2024-11393",
+        "url": "https://github.com/huggingface/transformers/issues/34840",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-11393",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11393",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 8.8) + the Trend Micro Zero Day Initiative advisory. Member of the Hugging Face Transformers model-loader deserialization family (untrusted model artifact equals executable code); same class as the Keras model-deserialization entries.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Hugging Face Transformers' MaskFormer loader deserializes untrusted model files (CWE-502), so loading a malicious model/config executes code; fixed in 4.48.0."
+  },
+  "CVE-2024-11394": {
+    "name": "Hugging Face Transformers Trax Deserialization Remote Code Execution",
+    "type": "RCE",
+    "cvss_score": 8.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 8.8 (HIGH). Deserialization of untrusted data in the Trax loader's model files (CWE-502); requires a user to load a malicious model/config (UI:R).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Disclosed via the Trend Micro Zero Day Initiative and tracked in the Hugging Face Transformers advisory issue (#34840): a crafted Trax model file contains a serialized object that executes code when Hugging Face Transformers loads it.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed through the Trend Micro Zero Day Initiative. The abused surface is a model loader in Hugging Face Transformers, the foundational ML library; an untrusted model artifact is executable code at load time.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unsafe deserialization of ML model artifacts.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "ZDI coordinated disclosure with a fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "Hugging Face Transformers before 4.48.0 (the Trax loader). Fixed in 4.48.0.",
+    "affected_versions": [
+      "Hugging Face Transformers < 4.48.0"
+    ],
+    "vector": "Hugging Face Transformers' Trax loader deserializes untrusted data from model files without validation (CWE-502). A user who loads a malicious Trax model/config from an untrusted source (e.g. a model hub) executes attacker-controlled code in their process.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N / UI:R — requires a user to load the malicious model/config.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading Hugging Face Transformers to 4.48.0 or later; no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Hugging Face Transformers to 4.48.0 or later. Only load models/configs from trusted sources, verify provenance, and load untrusted models in a sandboxed, least-privilege environment."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the foundational ML library's model loaders as managed, RCE-bearing software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to model artifacts/configs the library deserializes at load time.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the ML library's model-loading path as a code-execution surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach ML-library model loading as a privileged execution control plane.",
+      "DORA-Art-9": "ICT protection measures do not model untrusted-model-artifact loading in the core ML library as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for treating model artifacts as untrusted code.",
+      "AU-ISM-1546": "Patch-application control does not single out the foundational ML library's model loaders.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats an ML model artifact as untrusted executable input; loading one from an untrusted source through Transformers is RCE."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0011",
+      "AML.T0011.000"
+    ],
+    "attack_refs": [
+      "T1204",
+      "T1059",
+      "T1195.002"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 33, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=28 (Hugging Face Transformers is the foundational ML library) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2024-11394",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Python subprocess / interpreter activity during Hugging Face Transformers loading of a Trax model or config from an external source.",
+        "A Trax model artifact / config from a model hub or user upload whose serialized content resolves to code execution.",
+        "Loading models without provenance verification through Transformers < 4.48.0.",
+        "Hugging Face Transformers < 4.48.0 loading untrusted Trax artifacts — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the Hugging Face Transformers advisory issue (https://github.com/huggingface/transformers/issues/34840, ZDI-coordinated) and NVD CVE-2024-11394 (CWE-502). The Trax loader deserialization is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2024-11394",
+      "https://github.com/huggingface/transformers/issues/34840",
+      "https://github.com/huggingface/transformers/issues/34840"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Hugging Face Transformers advisory (ZDI-coordinated)",
+        "advisory_id": "CVE-2024-11394",
+        "url": "https://github.com/huggingface/transformers/issues/34840",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2024-11394",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11394",
+        "severity": "high",
+        "published_date": "2024-11-22"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 8.8) + the Trend Micro Zero Day Initiative advisory. Member of the Hugging Face Transformers model-loader deserialization family (untrusted model artifact equals executable code); same class as the Keras model-deserialization entries.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Hugging Face Transformers' Trax loader deserializes untrusted model files (CWE-502), so loading a malicious model/config executes code; fixed in 4.48.0."
+  },
+  "CVE-2026-24213": {
+    "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH) citing stricter prerequisites. Out-of-bounds read in the DALI backend processing inference input.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI (Data Augmentation Library) backend reads out of bounds while processing attacker-supplied inference input (CWE-125), which can lead to code execution, data tampering, denial of service, or information disclosure.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24213",
+    "cwe_refs": [
+      "CWE-125"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24213 (CWE-125) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24213",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-125; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend reads out of bounds on attacker-supplied inference input (CWE-125), risking code execution / disclosure; fixed in r26.03."
+  },
+  "CVE-2026-24214": {
+    "name": "NVIDIA Triton DALI Backend Integer Overflow",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH). Integer overflow in the DALI backend on attacker-controlled sizes.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend mishandles an integer computation on attacker-controlled input sizes (CWE-190 integer overflow), which can corrupt memory and lead to code execution, data tampering, or denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24214",
+    "cwe_refs": [
+      "CWE-190"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24214 (CWE-190) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24214",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-190; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend has an integer overflow on attacker-controlled sizes (CWE-190), risking code execution; fixed in r26.03."
+  },
+  "CVE-2026-24215": {
+    "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
+    "type": "DOS",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, Availability-only). Uncontrolled resource consumption in the DALI backend leading to denial of service.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend does not bound resource use when processing crafted inference input (CWE-400), letting an unauthenticated attacker exhaust resources and deny service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0034.001"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499"
+    ],
+    "rwep_score": 5,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 5, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 7.5 HIGH, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=20 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24215",
+    "cwe_refs": [
+      "CWE-400"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Resource exhaustion (CPU/memory) on the Triton host correlated with DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24215 (CWE-400) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24215",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-400; NIST CVSS 7.5) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend can be driven to uncontrolled resource consumption (CWE-400) for denial of service; fixed in r26.03."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",