@blamejs/exceptd-skills 0.13.88 → 0.13.90

package/data/cwe-catalog.json

@@ -463,6 +463,7 @@
       "CVE-2025-48633",
       "CVE-2025-5419",
       "CVE-2025-5777",
+      "CVE-2026-24213",
       "CVE-2026-3055"
     ],
     "framework_controls_partially_addressing": [
@@ -1320,6 +1321,7 @@
       "CVE-2025-24016",
       "CVE-2025-26399",
       "CVE-2025-30165",
+      "CVE-2025-32444",
       "CVE-2025-40551",
       "CVE-2025-42999",
       "CVE-2025-49113",
@@ -2332,7 +2334,8 @@
     "evidence_cves": [
       "CVE-2018-14634",
       "CVE-2021-30952",
-      "CVE-2026-21385"
+      "CVE-2026-21385",
+      "CVE-2026-24214"
     ],
     "last_verified": "2026-05-18",
     "notes": "Added v0.13.17 KEV bulk-import."
@@ -2945,6 +2948,7 @@
     ],
     "related_weaknesses": [],
     "evidence_cves": [
+      "CVE-2026-24215",
       "CVE-2026-45498"
     ],
     "last_verified": "2026-05-19",
@@ -3637,7 +3641,9 @@
       "CWE-2000"
     ],
     "related_weaknesses": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2025-30202"
+    ],
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,

package/data/framework-control-gaps.json

@@ -52,6 +52,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -63,6 +65,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-26015",
       "CVE-2026-30616",
       "CVE-2026-30617",
@@ -1439,11 +1444,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -1572,6 +1579,9 @@
       "CVE-2026-22769",
       "CVE-2026-23760",
       "CVE-2026-24061",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-2441",
       "CVE-2026-24423",
       "CVE-2026-24858",
@@ -1806,6 +1816,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-38352",
       "CVE-2025-43300",
@@ -1819,6 +1831,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -2167,6 +2182,8 @@
       "CVE-2024-42478",
       "CVE-2024-42479",
       "CVE-2025-23266",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-53767",
       "CVE-2026-34159",
       "CVE-2026-42897"
@@ -2252,6 +2269,9 @@
       "CVE-2025-6965",
       "CVE-2025-8747",
       "CVE-2026-0766",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-39884",
       "CVE-2026-42208",
       "CVE-2026-9082"
@@ -2458,11 +2478,13 @@
       "CVE-2025-27920",
       "CVE-2025-29635",
       "CVE-2025-30165",
+      "CVE-2025-30202",
       "CVE-2025-30397",
       "CVE-2025-31125",
       "CVE-2025-31277",
       "CVE-2025-32432",
       "CVE-2025-32433",
+      "CVE-2025-32444",
       "CVE-2025-32463",
       "CVE-2025-32701",
       "CVE-2025-32706",
@@ -2597,6 +2619,9 @@
       "CVE-2026-24061",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-2441",
       "CVE-2026-24423",
       "CVE-2026-24858",
@@ -4897,6 +4922,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -4910,6 +4937,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -5427,6 +5457,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5436,6 +5468,9 @@
       "CVE-2026-0766",
       "CVE-2026-22252",
       "CVE-2026-22688",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",
@@ -5500,6 +5535,8 @@
       "CVE-2025-23254",
       "CVE-2025-23266",
       "CVE-2025-30165",
+      "CVE-2025-30202",
+      "CVE-2025-32444",
       "CVE-2025-34291",
       "CVE-2025-49596",
       "CVE-2025-54136",
@@ -5511,6 +5548,9 @@
       "CVE-2026-22688",
       "CVE-2026-24206",
       "CVE-2026-24207",
+      "CVE-2026-24213",
+      "CVE-2026-24214",
+      "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
       "CVE-2026-30616",

package/data/zeroday-lessons.json

@@ -6633,6 +6633,106 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2025-32444": {
+    "name": "vLLM Mooncake Integration ZeroMQ Deserialization RCE",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "vLLM's distributed-serving transport exposes CWE-502 deserialization over unsecured ZeroMQ in the Mooncake integration: an unauthenticated network peer sends a crafted serialized payload that executes code on the vLLM host.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the distributed-serving IPC layer of the most widely used LLM serving engine. The lesson matches the ShadowMQ family: an inference engine's IPC sockets must use a safe serializer, authenticate peers, and stay on a trusted network segment — never bound to all interfaces or fed untrusted serialized data."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the LLM serving engine's distributed transport as RCE/exposure-bearing software."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and isolation."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 70,
+      "basis": "Distributed LLM serving is deployed on trusted-network assumptions; the engine's IPC sockets are not tracked or isolated.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer for IPC/socket communication, never deserialize untrusted serialized objects, authenticate socket peers, bind sockets to loopback/trusted segments (never all interfaces), and isolate the channel. Upgrade vLLM to 0.8.5 or later, which fixes both the Mooncake deserialization RCE (CVE-2025-32444) and the XPUB all-interface exposure (CVE-2025-30202). This is the same control class as the ShadowMQ family (CVE-2025-30165 etc.) — apply it across every inference engine in the estate. The distinguishing test: from an unauthorized peer on a staging cluster, send a crafted serialized object to the Mooncake socket and connect to the XPUB socket; both must be refused.",
+        "evidence": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SC-7",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2025-30202": {
+    "name": "vLLM Distributed XPUB ZeroMQ Socket All-Interface Exposure",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "vLLM's distributed-serving transport exposes CWE-770 unauthenticated all-interface XPUB ZeroMQ socket exposure: an unauthenticated network peer reads the broadcast data stream and floods the socket for denial of service.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the distributed-serving IPC layer of the most widely used LLM serving engine. The lesson matches the ShadowMQ family: an inference engine's IPC sockets must use a safe serializer, authenticate peers, and stay on a trusted network segment — never bound to all interfaces or fed untrusted serialized data."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the LLM serving engine's distributed transport as RCE/exposure-bearing software."
+      },
+      "NIST-800-53-SC-7": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not flag vLLM's ZeroMQ sockets (Mooncake / XPUB) as network-exposed surfaces."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference engine's IPC sockets as untrusted surfaces requiring a safe serializer, peer authentication, and isolation."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 66,
+      "basis": "Distributed LLM serving is deployed on trusted-network assumptions; the engine's IPC sockets are not tracked or isolated.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-086",
+        "name": "AI-INFERENCE-IPC-DESERIALIZATION-SAFETY",
+        "description": "AI inference engines must use a safe serializer for IPC/socket communication, never deserialize untrusted serialized objects, authenticate socket peers, bind sockets to loopback/trusted segments (never all interfaces), and isolate the channel. Upgrade vLLM to 0.8.5 or later, which fixes both the Mooncake deserialization RCE (CVE-2025-32444) and the XPUB all-interface exposure (CVE-2025-30202). This is the same control class as the ShadowMQ family (CVE-2025-30165 etc.) — apply it across every inference engine in the estate. The distinguishing test: from an unauthorized peer on a staging cluster, send a crafted serialized object to the Mooncake socket and connect to the XPUB socket; both must be refused.",
+        "evidence": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SC-7",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2024-50050": {
     "name": "Meta Llama Stack Socket Deserialization RCE (ShadowMQ)",
     "lesson_date": "2026-05-25",
@@ -6783,6 +6883,156 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2026-24213": {
+    "name": "NVIDIA Triton DALI Backend Out-of-Bounds Read",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-125 out-of-bounds read), which can corrupt memory and lead to code execution or information disclosure.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD CRITICAL, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 60,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-24214": {
+    "name": "NVIDIA Triton DALI Backend Integer Overflow",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-190 integer overflow), which can corrupt memory and lead to code execution or information disclosure.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD CRITICAL, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 60,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-24215": {
+    "name": "NVIDIA Triton DALI Backend Uncontrolled Resource Consumption (DoS)",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "NVIDIA Triton's DALI data-augmentation backend mishandles attacker-supplied inference input (CWE-400 uncontrolled resource consumption), letting an unauthenticated attacker exhaust resources and deny service.",
+      "privileges_required": "none (NVD AV:N / PR:N) — network-reachable inference input",
+      "complexity": "low (NVD AC:L)",
+      "ai_factor": "The abused surface is the media/data-augmentation backend of a widely deployed AI inference server, which processes untrusted inference input. The lesson: inference backends that decode or transform attacker-supplied data are memory-safety and availability surfaces that must bounds-check and resource-limit, and the inference endpoint must not be network-exposed to untrusted clients. This is also a clean CVSS-vs-RWEP case (NVD rates it HIGH, but patched + no exploitation = low real-world priority)."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the inference server's media-processing backends as managed, memory-unsafe software."
+      },
+      "NIST-800-53-SI-10": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Input validation is not applied to the size/shape of inference inputs reaching the DALI backend."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the inference data-augmentation backend's handling of untrusted input as a memory-safety / availability surface."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 58,
+      "basis": "Inference servers' media backends are not tracked as memory-unsafe attack surface; input size/shape limits on inference requests are rarely enforced.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-096",
+        "name": "AI-INFERENCE-BACKEND-INPUT-HARDENING",
+        "description": "An AI inference server's media/data-augmentation backends (e.g. NVIDIA Triton DALI) must validate and bound the size and shape of untrusted inference input, enforce resource limits, and run with memory-safety mitigations; the inference endpoint must not be exposed to untrusted networks. Upgrade Triton to r26.03 or later. The distinguishing test: send crafted inference inputs (oversized dimensions, malformed media headers) to a staging DALI model and confirm they are rejected/bounded rather than causing crashes or resource exhaustion.",
+        "evidence": "https://nvidia.custhelp.com/app/answers/detail/a_id/5828",
+        "gap_closes": [
+          "NIST-800-53-SI-2",
+          "NIST-800-53-SI-10",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2026-24206": {
     "name": "NVIDIA Triton Inference Server Authentication Bypass (Alternate Channel)",
     "lesson_date": "2026-05-25",