@blamejs/exceptd-skills 0.13.88 → 0.13.90

package/data/atlas-ttps.json

@@ -1719,8 +1719,13 @@
       "CVE-2024-39722",
       "CVE-2024-42478",
       "CVE-2024-42479",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-64496",
       "CVE-2026-0766",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-34159"
     ]
   },
@@ -3047,7 +3052,10 @@
       "ATLAS"
     ],
     "stix_id": "attack-pattern--c54f84ef-93fd-560c-bbbb-5490753a2f97",
-    "is_subtechnique": true
+    "is_subtechnique": true,
+    "cve_refs": [
+      "CVE-2026-24215"
+    ]
   },
   "AML.T0034.002": {
     "id": "AML.T0034.002",

package/data/attack-techniques.json

@@ -197,6 +197,9 @@
     "tactic": [
       "Credential Access",
       "Discovery"
+    ],
+    "cve_refs": [
+      "CVE-2025-30202"
     ]
   },
   "T1041": {
@@ -283,6 +286,7 @@
       "CVE-2025-1550",
       "CVE-2025-23254",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-53773",
@@ -296,6 +300,8 @@
       "CVE-2026-22252",
       "CVE-2026-22688",
       "CVE-2026-22778",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30615",
@@ -885,10 +891,12 @@
       "CVE-2025-2776",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32706",
       "CVE-2025-32756",
@@ -991,6 +999,9 @@
       "CVE-2026-23760",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25108",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -2740,7 +2751,9 @@
     "last_verified": "2026-05-19",
     "notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
     "cve_refs": [
+      "CVE-2025-30202",
       "CVE-2025-6543",
+      "CVE-2026-24215",
       "CVE-2026-45498"
     ],
     "description_full": "Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources those services are hosted on or exploiting the system to cause a persistent crash condition. Example services include websites, email services, DNS, and web-based applications. Adversaries have been observed conducting DoS attacks for political purposes(Citation: FireEye OpPoisonedHandover February 2016) and to support other malicious activities, including distraction(Citation: FSISAC FraudNetDoS September 2012), hacktivism, and extortion.(Citation: Symantec DDoS October 2014) An Endpoint DoS denies the availability of a service without saturating the network used to provide access to the service. Adversaries can target various layers of the application stack that is hosted on the system used to provide the service. These layers include the Operating Systems (OS), server applications such as web servers, DNS servers, databases, and the (typically web-based) applications that sit on top of them. Attacking each layer requires different techniques that take advantage of bottlenecks that are unique to the respective components. A DoS attack may be generated by a single system or multiple systems spread across the internet, which is commonly referred to as a distributed DoS (DDoS). To perform DoS attacks against endpoint resources, several aspects apply to multiple methods, including IP address spoofing and botnets. Adversaries may use the original IP address of an attacking system, or spoof the source IP address to make the attack traffic more difficult to trace back to the attacking system or to enable reflection. This can increase the difficulty defenders have in defending against the attack by reducing or eliminating the effectiveness of filtering by the source address on network defense devices. Botnets are commonly used to conduct DDoS attacks against networks and services. Large botnets can generate a significant amount of traffic from systems spread across the global internet. Adversaries may have the resources to build out and control their own botnet infrastructure or may rent time on an existing botnet to conduct an attack. In some of the worst cases for DDoS, so many systems are used to generate requests that each one only needs to send out a small amount of traffic to produce enough volume to exhaust the target's resources. In such circumstances, distinguishing DDoS traffic from legitimate clients becomes exceedingly difficult. Botnets have been used in some of the most high-profile DDoS attacks, such as the 2012 series of incidents that targeted major US banks.(Citation: USNYAG IranianBotnet March 2016) In cases where traffic manipulation is used, there may be points in the global network (such as high traffic gateway routers) where packets can be altered and cause legitimate clients to execute code that directs network packets toward a target in high volume. This type of capability was previously used for the purposes of web censorship where client HTTP traffic was modified to include a reference to JavaScript that generated the DDoS code to overwhelm target web servers.(Citation: ArsTechnica Great Firewall of China) For attacks attempting to saturate the providing network, see [Network Denial of Service](https://attack.mitre.org/techniques/T1498).",

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.034,
+      "current_rate": 0.033,
       "current_floor_enforced_by_test": 0.03,
       "ladder_to_target": [
         0.03,
@@ -13300,6 +13300,523 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "Hugging Face Transformers' Trax loader deserializes untrusted model files (CWE-502), so loading a malicious model/config executes code; fixed in 4.48.0."
   },
+  "CVE-2026-24213": {
+    "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH) citing stricter prerequisites. Out-of-bounds read in the DALI backend processing inference input.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI (Data Augmentation Library) backend reads out of bounds while processing attacker-supplied inference input (CWE-125), which can lead to code execution, data tampering, denial of service, or information disclosure.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24213",
+    "cwe_refs": [
+      "CWE-125"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24213 (CWE-125) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24213",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24213",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-125; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend reads out of bounds on attacker-supplied inference input (CWE-125), risking code execution / disclosure; fixed in r26.03."
+  },
+  "CVE-2026-24214": {
+    "name": "NVIDIA Triton DALI Backend Integer Overflow",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL); NVIDIA as CNA scored 8.0 (HIGH). Integer overflow in the DALI backend on attacker-controlled sizes.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend mishandles an integer computation on attacker-controlled input sizes (CWE-190 integer overflow), which can corrupt memory and lead to code execution, data tampering, or denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 11,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 11, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 9.8 CRITICAL, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=26 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24214",
+    "cwe_refs": [
+      "CWE-190"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Unexpected process or memory behavior on the Triton host following DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24214 (CWE-190) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24214",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24214",
+        "severity": "critical",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-190; NIST CVSS 9.8) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend has an integer overflow on attacker-controlled sizes (CWE-190), risking code execution; fixed in r26.03."
+  },
+  "CVE-2026-24215": {
+    "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
+    "type": "DOS",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, Availability-only). Uncontrolled resource consumption in the DALI backend leading to denial of service.",
+    "cisa_kev": false,
+    "poc_available": false,
+    "poc_description": "No public proof-of-concept at curation; disclosed via NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). Exploitation requires reaching the DALI backend with crafted inference input.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by researcher Navtej Kathuria through NVIDIA's coordinated security bulletin. The abused surface is the DALI media/data-augmentation backend of a widely deployed AI inference server.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; memory-safety / resource-handling in the inference backend.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Vendor bulletin disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "NVIDIA Triton Inference Server (DALI backend) prior to r26.03.",
+    "affected_versions": [
+      "NVIDIA Triton Inference Server < 26.03"
+    ],
+    "vector": "NVIDIA Triton's DALI backend does not bound resource use when processing crafted inference input (CWE-400), letting an unauthenticated attacker exhaust resources and deny service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable; precondition is the DALI backend processing attacker-supplied inference input.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is an application upgrade to Triton Inference Server r26.03 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade NVIDIA Triton Inference Server to r26.03 or later. Do not expose Triton's inference endpoints to untrusted networks, and validate/limit the size and shape of inputs routed to the DALI backend."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the AI inference server's media-processing backends as managed, memory-unsafe software.",
+      "NIST-800-53-SI-10": "Input-validation control is not applied to the size/shape of inference inputs reaching the DALI backend.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference server's data-augmentation backend as a memory-safety surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference backend as a network-exposed processing surface.",
+      "DORA-Art-9": "ICT protection measures do not model memory-safety / DoS in an AI inference backend as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for bounding the inference backend's processing of untrusted input.",
+      "AU-ISM-1546": "Patch-application control does not single out AI inference servers' media backends.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface requiring bounds and resource limits."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0034.001"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499"
+    ],
+    "rwep_score": 5,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 0,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "P4 (RWEP 5, below the 20 \"standard\" band per lib/scoring.js timeline). A deliberate CVSS-vs-RWEP divergence (Hard Rule #3): NVD rates this 7.5 HIGH, but with no CISA KEV listing, no confirmed in-the-wild exploitation, no public PoC, and a patch available, the real-world exploit priority is low. blast_radius=20 minus patch 15; poc_available=0 (no public exploit).",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-24215",
+    "cwe_refs": [
+      "CWE-400"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Triton DALI backend crashes, segfaults, or abnormal memory access while processing inference requests.",
+        "Inference requests to a Triton DALI model with anomalous input sizes / shapes (oversized dimensions, crafted media headers).",
+        "Resource exhaustion (CPU/memory) on the Triton host correlated with DALI-routed requests.",
+        "NVIDIA Triton Inference Server below r26.03 with the DALI backend reachable from untrusted networks — the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from NVD CVE-2026-24215 (CWE-400) and NVIDIA's May 2026 Triton Inference Server security bulletin (https://nvidia.custhelp.com/app/answers/detail/a_id/5828, researcher Navtej Kathuria)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+      "https://nvidia.custhelp.com/app/answers/detail/a_id/5828"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVIDIA Product Security",
+        "advisory_id": "NVIDIA-5828",
+        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-24215",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24215",
+        "severity": "high",
+        "published_date": "2026-05-20"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-400; NIST CVSS 7.5) + NVIDIA's May 2026 Triton security bulletin (researcher Navtej Kathuria). One of three DALI-backend flaws (with the other two) patched in r26.03; companions to the CVE-2026-24206/24207 authentication bypasses in the same bulletin.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "NVIDIA Triton's DALI backend can be driven to uncontrolled resource consumption (CWE-400) for denial of service; fixed in r26.03."
+  },
+  "CVE-2025-32444": {
+    "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). pickle-based serialization over unsecured ZeroMQ sockets in the Mooncake KV-transfer integration (CWE-502); network-reachable unauthenticated RCE.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-hj4w-hm2g-p6w5): a crafted serialized payload sent to the Mooncake ZeroMQ sockets executes code.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; insecure deserialization in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.6.5 through 0.8.4 with the Mooncake integration enabled (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.6.5, <= 0.8.4 (Mooncake enabled)"
+    ],
+    "vector": "vLLM's Mooncake KV-transfer integration exchanges pickle-serialized data over unsecured ZeroMQ sockets (CWE-502). An unauthenticated network attacker who can reach those sockets sends a crafted serialized payload that executes code on the vLLM host. Unlike the off-by-default V0-engine flaw (CVE-2025-30165), the Mooncake sockets are network-reachable when the integration is enabled.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 31,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 26,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 31, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=26 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-32444",
+    "cwe_refs": [
+      "CWE-502"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM Mooncake ZeroMQ sockets receiving serialized payloads from peers outside the trusted node set.",
+        "Process or interpreter activity spawned during Mooncake KV-transfer deserialization.",
+        "Mooncake ZeroMQ sockets reachable from untrusted networks.",
+        "vLLM 0.6.5-0.8.4 with the Mooncake integration enabled - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5) and NVD CVE-2025-32444 (CWE-502)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-32444",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32444",
+        "severity": "critical",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-502; NIST CVSS 9.8) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM's Mooncake integration deserializes serialized data over unsecured ZeroMQ sockets (CWE-502), giving unauthenticated network RCE; fixed in 0.8.5."
+  },
+  "CVE-2025-30202": {
+    "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
+    "type": "INFO-DISCLOSURE",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 7.5 (HIGH, availability/exposure). In multi-node deployments the primary host binds an XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling denial of service.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the vLLM GitHub security advisory (GHSA-9f8f-2vmf-885j): an unauthorized client reaches the all-interface XPUB socket to read broadcast data and cause DoS.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the vLLM project's GitHub security advisories. The abused surface is the distributed-serving IPC layer of the most widely used LLM inference/serving engine.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; unauthenticated socket exposure in the inference-serving transport.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation.",
+    "affected": "vLLM 0.5.2 through 0.8.4 in multi-node deployments (fixed 0.8.5).",
+    "affected_versions": [
+      "vLLM >= 0.5.2, <= 0.8.4 (multi-node)"
+    ],
+    "vector": "vLLM's multi-node deployment binds the primary host's XPUB ZeroMQ socket to all interfaces without access control (CWE-770). An unauthorized network client can read the broadcast data stream and flood the socket to cause denial of service.",
+    "complexity": "low",
+    "complexity_notes": "NVD AV:N / AC:L / PR:N — network-reachable, unauthenticated.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading vLLM to 0.8.5 or later; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade vLLM to 0.8.5 or later. Never expose vLLM's distributed-serving ZeroMQ sockets (Mooncake KV transfer, XPUB) to untrusted networks; bind them to a trusted segment and authenticate peers."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the LLM serving engine's distributed-serving transport as managed, RCE/exposure-bearing software.",
+      "NIST-800-53-SC-7": "Boundary-protection control does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the inference engine's IPC sockets as an injection / exposure surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the inference engine's distributed transport as a privileged control plane.",
+      "DORA-Art-9": "ICT protection measures do not model insecure deserialization / socket exposure in an LLM serving engine as an ICT-risk event.",
+      "UK-CAF-B4": "System Security objective has no objective for securing the inference engine's IPC sockets.",
+      "AU-ISM-1546": "Patch-application control does not single out LLM serving engines' distributed transports.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and network isolation."
+    },
+    "atlas_refs": [
+      "AML.T0049"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1499",
+      "T1040"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (vLLM is the most widely used LLM serving engine) minus patch 15.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30202",
+    "cwe_refs": [
+      "CWE-770"
+    ],
+    "iocs": {
+      "behavioral": [
+        "vLLM primary host's XPUB ZeroMQ socket bound to 0.0.0.0 / all interfaces and reachable from untrusted networks.",
+        "Unauthorized clients subscribing to or flooding the vLLM XPUB broadcast socket.",
+        "Resource exhaustion on the vLLM primary node correlated with XPUB socket traffic.",
+        "vLLM 0.5.2-0.8.4 multi-node deployment - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures derived from the vLLM GitHub security advisory (https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j) and NVD CVE-2025-30202 (CWE-770)."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+      "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (vllm-project)",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30202",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30202",
+        "severity": "high",
+        "published_date": "2025-04-29"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-770; NIST CVSS 7.5) + the vLLM GitHub security advisory. vLLM distributed-serving ZeroMQ flaw (fixed 0.8.5); same inference-IPC class as the ShadowMQ family.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "vLLM binds its multi-node XPUB ZeroMQ socket to all interfaces (CWE-770), exposing broadcast data and enabling DoS; fixed in 0.8.5."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",