npm - @blamejs/exceptd-skills - Versions diffs - 0.13.88 → 0.13.89 - Mend

@blamejs/exceptd-skills 0.13.88 → 0.13.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md +4 -0
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +2 -2
package/data/_indexes/catalog-summaries.json +2 -2
package/data/_indexes/chains.json +1155 -0
package/data/atlas-ttps.json +7 -1
package/data/attack-techniques.json +6 -0
package/data/cve-catalog.json +311 -1
package/data/cwe-catalog.json +4 -1
package/data/framework-control-gaps.json +24 -0
package/data/zeroday-lessons.json +150 -0
package/manifest.json +44 -44
package/package.json +2 -2
package/sbom.cdx.json +25 -25

package/data/atlas-ttps.json CHANGED Viewed

@@ -1721,6 +1721,9 @@
       "CVE-2024-42479",
       "CVE-2025-64496",
       "CVE-2026-0766",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-34159"
     ]
   },
@@ -3047,7 +3050,10 @@
       "ATLAS"
     ],
     "stix_id": "attack-pattern--c54f84ef-93fd-560c-bbbb-5490753a2f97",
-    "is_subtechnique": true
+    "is_subtechnique": true,
+    "cve_refs": [
+      "CVE-2026-24215"
+    ]
   },
   "AML.T0034.002": {
     "id": "AML.T0034.002",

package/data/attack-techniques.json CHANGED Viewed

@@ -296,6 +296,8 @@
       "CVE-2026-22252",
       "CVE-2026-22688",
       "CVE-2026-22778",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30615",
@@ -991,6 +993,9 @@
       "CVE-2026-23760",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25108",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -2741,6 +2746,7 @@
     "notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
     "cve_refs": [
       "CVE-2025-6543",
+      "CVE-2026-24215",
       "CVE-2026-45498"
     ],
     "description_full": "Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources those services are hosted on or exploiting the system to cause a persistent crash condition. Example services include websites, email services, DNS, and web-based applications. Adversaries have been observed conducting DoS attacks for political purposes(Citation: FireEye OpPoisonedHandover February 2016) and to support other malicious activities, including distraction(Citation: FSISAC FraudNetDoS September 2012), hacktivism, and extortion.(Citation: Symantec DDoS October 2014) An Endpoint DoS denies the availability of a service without saturating the network used to provide access to the service. Adversaries can target various layers of the application stack that is hosted on the system used to provide the service. These layers include the Operating Systems (OS), server applications such as web servers, DNS servers, databases, and the (typically web-based) applications that sit on top of them. Attacking each layer requires different techniques that take advantage of bottlenecks that are unique to the respective components. A DoS attack may be generated by a single system or multiple systems spread across the internet, which is commonly referred to as a distributed DoS (DDoS). To perform DoS attacks against endpoint resources, several aspects apply to multiple methods, including IP address spoofing and botnets. Adversaries may use the original IP address of an attacking system, or spoof the source IP address to make the attack traffic more difficult to trace back to the attacking system or to enable reflection. This can increase the difficulty defenders have in defending against the attack by reducing or eliminating the effectiveness of filtering by the source address on network defense devices. Botnets are commonly used to conduct DDoS attacks against networks and services. Large botnets can generate a significant amount of traffic from systems spread across the global internet. Adversaries may have the resources to build out and control their own botnet infrastructure or may rent time on an existing botnet to conduct an attack. In some of the worst cases for DDoS, so many systems are used to generate requests that each one only needs to send out a small amount of traffic to produce enough volume to exhaust the target's resources. In such circumstances, distinguishing DDoS traffic from legitimate clients becomes exceedingly difficult. Botnets have been used in some of the most high-profile DDoS attacks, such as the 2012 series of incidents that targeted major US banks.(Citation: USNYAG IranianBotnet March 2016) In cases where traffic manipulation is used, there may be points in the global network (such as high traffic gateway routers) where packets can be altered and cause legitimate clients to execute code that directs network packets toward a target in high volume. This type of capability was previously used for the purposes of web censorship where client HTTP traffic was modified to include a reference to JavaScript that generated the DDoS code to overwhelm target web servers.(Citation: ArsTechnica Great Firewall of China) For attacks attempting to saturate the providing network, see [Network Denial of Service](https://attack.mitre.org/techniques/T1498).",

package/data/cve-catalog.json CHANGED Viewed

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.034,
+      "current_rate": 0.033,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -13300,6 +13300,316 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Hugging Face Transformers' Trax loader deserializes untrusted model files (CWE-502), so loading a malicious model/config executes code; fixed in 4.48.0."
   },
+  "CVE-2026-24213": {
+    "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH) citing stricter prerequisites. Out-of-bounds read in the DALI backend processing inference input.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI (Data Augmentation Library) backend reads out of bounds while processing attacker-supplied inference input (CWE-125), which can lead to code execution, data tampering, denial of service, or information disclosure.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24213",
+    "cwe_refs": [
+      "CWE-125"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24213 (CWE-125) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24213",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-125; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend reads out of bounds on attacker-supplied inference input (CWE-125), risking code execution / disclosure; fixed in r26.03."
+  },
+  "CVE-2026-24214": {
+    "name": "NVIDIA Triton DALI Backend Integer Overflow",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH). Integer overflow in the DALI backend on attacker-controlled sizes.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend mishandles an integer computation on attacker-controlled input sizes (CWE-190 integer overflow), which can corrupt memory and lead to code execution, data tampering, or denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24214",
+    "cwe_refs": [
+      "CWE-190"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24214 (CWE-190) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24214",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-190; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend has an integer overflow on attacker-controlled sizes (CWE-190), risking code execution; fixed in r26.03."
+  },
+  "CVE-2026-24215": {
+    "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
+    "type": "DOS",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, Availability-only). Uncontrolled resource consumption in the DALI backend leading to denial of service.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend does not bound resource use when processing crafted inference input (CWE-400), letting an unauthenticated attacker exhaust resources and deny service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0034.001"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499"
+    ],
+    "rwep_score": 5,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 5, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 7.5 HIGH, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=20 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24215",
+    "cwe_refs": [
+      "CWE-400"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Resource exhaustion (CPU/memory) on the Triton host correlated with DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24215 (CWE-400) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24215",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-400; NIST CVSS 7.5) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend can be driven to uncontrolled resource consumption (CWE-400) for denial of service; fixed in r26.03."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json CHANGED Viewed

@@ -463,6 +463,7 @@
       "CVE-2025-48633",
       "CVE-2025-5419",
       "CVE-2025-5777",
+      "CVE-2026-24213",
       "CVE-2026-3055"
     ],
     "framework_controls_partially_addressing": [
@@ -2332,7 +2333,8 @@
     "evidence_cves": [
       "CVE-2018-14634",
       "CVE-2021-30952",
-      "CVE-2026-21385"
+      "CVE-2026-21385",
+      "CVE-2026-24214"
     ],
     "last_verified": "2026-05-18",
     "notes": "Added v0.13.17 KEV bulk-import."
@@ -2945,6 +2947,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2026-24215",
       "CVE-2026-45498"
     ],
     "last_verified": "2026-05-19",

package/data/framework-control-gaps.json CHANGED Viewed

@@ -63,6 +63,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-26015",
       "CVE-2026-30616",
       "CVE-2026-30617",
@@ -1572,6 +1575,9 @@
       "CVE-2026-22769",
       "CVE-2026-23760",
       "CVE-2026-24061",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-2441",
       "CVE-2026-24423",
       "CVE-2026-24858",
@@ -1819,6 +1825,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -2252,6 +2261,9 @@
       "CVE-2025-6965",
       "CVE-2025-8747",
       "CVE-2026-0766",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-39884",
       "CVE-2026-42208",
       "CVE-2026-9082"
@@ -2597,6 +2609,9 @@
       "CVE-2026-24061",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-2441",
       "CVE-2026-24423",
       "CVE-2026-24858",
@@ -4910,6 +4925,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -5436,6 +5454,9 @@
       "CVE-2026-0766",
       "CVE-2026-22252",
       "CVE-2026-22688",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -5511,6 +5532,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",

package/data/zeroday-lessons.json CHANGED Viewed

@@ -6783,6 +6783,156 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2026-24213": {
+    "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-125 out-of-bounds read), which can corrupt memory and lead to code execution or information disclosure.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD CRITICAL, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 60,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-24214": {
+    "name": "NVIDIA Triton DALI Backend Integer Overflow",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-190 integer overflow), which can corrupt memory and lead to code execution or information disclosure.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD CRITICAL, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 60,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-24215": {
+    "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-400 uncontrolled resource consumption), letting an unauthenticated attacker exhaust resources and deny service.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD rates it HIGH, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 58,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2026-24206": {
     "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Channel)",
     "lesson_date": "2026-05-25",