@blamejs/exceptd-skills 0.13.96 → 0.13.97

package/data/atlas-ttps.json

@@ -1618,7 +1618,9 @@
     "stix_id": "attack-pattern--801658f2-81cd-5935-93c7-5e6e2d80e669",
     "is_subtechnique": false,
     "cve_refs": [
-      "CVE-2023-48022"
+      "CVE-2023-48022",
+      "CVE-2025-64513",
+      "CVE-2026-26190"
     ]
   },
   "AML.T0036": {
@@ -1734,10 +1736,12 @@
       "CVE-2025-30202",
       "CVE-2025-32444",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2026-0766",
       "CVE-2026-24213",
       "CVE-2026-24214",
       "CVE-2026-24215",
+      "CVE-2026-26190",
       "CVE-2026-34159"
     ]
   },

package/data/attack-techniques.json

@@ -311,6 +311,7 @@
       "CVE-2026-24214",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30615",
       "CVE-2026-30616",
       "CVE-2026-30617",
@@ -511,6 +512,7 @@
       "CVE-2025-34026",
       "CVE-2025-49706",
       "CVE-2025-61757",
+      "CVE-2025-64513",
       "CVE-2026-1603",
       "CVE-2026-20127",
       "CVE-2026-20182",
@@ -974,6 +976,7 @@
       "CVE-2025-62848",
       "CVE-2025-64328",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-6554",
       "CVE-2025-6558",
       "CVE-2025-66644",
@@ -1019,6 +1022,7 @@
       "CVE-2026-24215",
       "CVE-2026-25108",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30616",
       "CVE-2026-30617",
       "CVE-2026-30624",

package/data/cve-catalog.json

@@ -14750,6 +14750,217 @@
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "BerriAI LiteLLM's secret-management path evaluates unvalidated input (UI_LOGO_PATH + KMS config, CWE-94), allowing an admin-influenced value to execute code on the credential-bearing proxy; fixed in 1.44.16."
   },
+  "CVE-2025-64513": {
+    "name": "Milvus Proxy Authentication Bypass via Forged Headers",
+    "type": "AUTH-BYPASS",
+    "cvss_score": 9.3,
+    "cvss_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+    "cvss_note": "CNA (GitHub) CVSS v4.0 base 9.3 (CRITICAL); NVD has not published its own assessed score. An unauthenticated attacker bypasses all authentication in the Milvus Proxy via forged HTTP headers (CWE-287).",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the Milvus GitHub security advisory (GHSA-mhjq-8c7m-3f7p): an unauthenticated request with forged headers bypasses the Proxy's authentication.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the Milvus project's GitHub security advisories. Milvus is a widely used vector database that stores RAG embeddings and source data; the abused surface is its auth layer.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; authentication bypass on the vector database.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation. Note: exposed vector databases are widely reported to leak PII and credentials, so an auth bypass on RAG storage is high-impact.",
+    "affected": "Milvus before 2.4.24, 2.5.21, and 2.6.5 (the Proxy component).",
+    "affected_versions": [
+      "Milvus < 2.4.24",
+      "Milvus >= 2.5.0, < 2.5.21",
+      "Milvus >= 2.6.0, < 2.6.5"
+    ],
+    "vector": "Milvus's Proxy component trusts forged HTTP headers for authentication, so an unauthenticated attacker bypasses all authentication mechanisms (CWE-287) and gains full access to the vector database's collections and operations.",
+    "complexity": "low",
+    "complexity_notes": "AV:N / AC:L / PR:N - unauthenticated, network-reachable.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading Milvus to 2.4.24 / 2.5.21 / 2.6.5; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Milvus to a patched release (2.4.24 / 2.5.21 / 2.6.5). Enable authentication, replace any default tokens, and do not expose Milvus's Proxy / port 9091 to untrusted networks."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Identification-and-authentication is not enforced on the vector database's API/management surface; an unauthenticated attacker reaches RAG data.",
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the vector database (RAG persistence layer) as managed, auth-bypass-bearing software.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the vector database's auth layer as an access-control surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the vector DB as a privileged data store.",
+      "DORA-Art-9": "ICT protection measures do not model an unauthenticated vector-DB takeover (RAG data / embeddings) as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no requirement to authenticate the vector database storing RAG data.",
+      "AU-ISM-1546": "Patch-application control does not single out vector databases.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the vector database as a sensitive RAG data store whose API/management ports must authenticate; an auth bypass exposes embeddings, source documents, and enables RAG poisoning."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0035"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1078"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (Milvus is a widely used vector database for RAG) minus patch 15. Note: unauthenticated access to RAG storage (PII/embeddings/source docs) raises operational urgency beyond the RWEP number.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-64513",
+    "cwe_refs": [
+      "CWE-287"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Milvus Proxy requests carrying forged authentication headers from untrusted sources.",
+        "Vector-database collection reads/writes or admin operations not attributable to an authenticated client.",
+        "Milvus reachable from untrusted networks with default or weak tokens.",
+        "Milvus at any affected version (< 2.4.24, or 2.5.0-2.5.20, or 2.6.0-2.6.4) exposed to untrusted networks - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the Milvus GitHub security advisory (https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p) and NVD CVE-2025-64513 (CWE-287). The forged-header auth bypass is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-64513",
+      "https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (milvus-io)",
+        "advisory_id": "GHSA-mhjq-8c7m-3f7p",
+        "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p",
+        "severity": "critical",
+        "published_date": "2025-11-10"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-64513",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64513",
+        "severity": "critical",
+        "published_date": "2025-11-10"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-287; CNA GitHub CVSS v4.0 9.3, no NVD-assessed score) + the Milvus GitHub advisory. Member of the Milvus vector-database authentication-bypass family (RAG persistence layer).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Milvus's Proxy trusts forged HTTP headers, letting an unauthenticated attacker bypass all authentication and access the vector database (CWE-287); fixed in 2.4.24 / 2.5.21 / 2.6.5."
+  },
+  "CVE-2026-26190": {
+    "name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
+    "type": "RCE",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_note": "NVD CVSS v3.1 base 9.8 (CRITICAL). TCP port 9091 is exposed with weak default tokens and unauthenticated API access (CWE-306), enabling arbitrary expression evaluation and unauthenticated access to all business operations.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Documented in the Milvus GitHub security advisory (GHSA-7ppg-37fh-vcr6): an unauthenticated request to port 9091 reaches all business operations and arbitrary expression evaluation.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed via the Milvus project's GitHub security advisories. Milvus is a widely used vector database that stores RAG embeddings and source data; the abused surface is its auth layer.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-assisted weaponization; authentication bypass on the vector database.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Advisory disclosure with a coordinated fix; no confirmed in-the-wild exploitation reported as of curation. Note: exposed vector databases are widely reported to leak PII and credentials, so an auth bypass on RAG storage is high-impact.",
+    "affected": "Milvus before 2.5.27, and 2.6.0 through 2.6.9.",
+    "affected_versions": [
+      "Milvus < 2.5.27",
+      "Milvus >= 2.6.0, <= 2.6.9"
+    ],
+    "vector": "Milvus exposes TCP port 9091 with weak default tokens and unauthenticated API access (CWE-306 missing authentication for a critical function). An unauthenticated attacker reaches all business operations and can trigger arbitrary expression evaluation, compromising the vector database and its RAG data.",
+    "complexity": "low",
+    "complexity_notes": "AV:N / AC:L / PR:N - unauthenticated, network-reachable.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is upgrading Milvus to 2.5.27 / 2.6.10; redeploy, no host reboot.",
+    "vendor_update_paths": [
+      "Upgrade Milvus to a patched release (2.5.27 / 2.6.10). Enable authentication, replace any default tokens, and do not expose Milvus's Proxy / port 9091 to untrusted networks."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-IA-2": "Identification-and-authentication is not enforced on the vector database's API/management surface; an unauthenticated attacker reaches RAG data.",
+      "NIST-800-53-SI-2": "Flaw-remediation cadence does not track the vector database (RAG persistence layer) as managed, auth-bypass-bearing software.",
+      "ISO-27001-2022-A.8.8": "Vulnerability management rarely enumerates the vector database's auth layer as an access-control surface.",
+      "NIS2-Art21-patch-management": "Article 21 measures do not reach the vector DB as a privileged data store.",
+      "DORA-Art-9": "ICT protection measures do not model an unauthenticated vector-DB takeover (RAG data / embeddings) as an ICT-risk event.",
+      "UK-CAF-B2": "Identity and Access Control objective has no requirement to authenticate the vector database storing RAG data.",
+      "AU-ISM-1546": "Patch-application control does not single out vector databases.",
+      "ALL-AI-PIPELINE-INTEGRITY": "No framework treats the vector database as a sensitive RAG data store whose API/management ports must authenticate; an auth bypass exposes embeddings, source documents, and enables RAG poisoning."
+    },
+    "atlas_refs": [
+      "AML.T0049",
+      "AML.T0035"
+    ],
+    "attack_refs": [
+      "T1190",
+      "T1059"
+    ],
+    "rwep_score": 27,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Standard (RWEP 27, \"patch within 30 days\" band per lib/scoring.js timeline). Not KEV, no confirmed in-the-wild exploitation, patched at disclosure (Hard Rule #3). poc_available=20 + blast_radius=22 (Milvus is a widely used vector database for RAG) minus patch 15. Note: unauthenticated access to RAG storage (PII/embeddings/source docs) raises operational urgency beyond the RWEP number.",
+    "epss_score": null,
+    "epss_date": "2026-05-25",
+    "epss_note": "EPSS not pulled for this entry; retrieve via FIRST EPSS API in a future refresh.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-26190",
+    "cwe_refs": [
+      "CWE-306"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated requests to Milvus TCP port 9091 (metrics/management) reaching business operations or expression evaluation.",
+        "Vector-database collection reads/writes or admin operations not attributable to an authenticated client.",
+        "Milvus reachable from untrusted networks with default or weak tokens.",
+        "Milvus at any affected version (< 2.5.27, or 2.6.0-2.6.9) exposed to untrusted networks - the exposed precondition."
+      ],
+      "_ioc_source_note": "Behavioral signatures anchored to the Milvus GitHub security advisory (https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6) and NVD CVE-2026-26190 (CWE-306). The unauthenticated port-9091 access is the indicator anchor."
+    },
+    "source_verified": "2026-05-25",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-26190",
+      "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory (milvus-io)",
+        "advisory_id": "GHSA-7ppg-37fh-vcr6",
+        "url": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6",
+        "severity": "critical",
+        "published_date": "2026-02-13"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-26190",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26190",
+        "severity": "critical",
+        "published_date": "2026-02-13"
+      }
+    ],
+    "last_updated": "2026-05-25",
+    "discovery_attribution_note": "Manually curated from NVD (CWE-306; NIST CVSS 9.8) + the Milvus GitHub advisory. Member of the Milvus vector-database authentication-bypass family (RAG persistence layer).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Milvus exposes port 9091 with weak default tokens and unauthenticated API access (CWE-306), enabling arbitrary expression evaluation and full unauthenticated control; fixed in 2.5.27 / 2.6.10."
+  },
   "CVE-2026-41091": {
     "name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
     "type": "LPE",

package/data/cwe-catalog.json

@@ -703,6 +703,7 @@
       "CVE-2025-32975",
       "CVE-2025-3935",
       "CVE-2025-49706",
+      "CVE-2025-64513",
       "CVE-2026-20127",
       "CVE-2026-20182"
     ],
@@ -745,6 +746,7 @@
       "CVE-2025-61757",
       "CVE-2026-0300",
       "CVE-2026-24423",
+      "CVE-2026-26190",
       "CVE-2026-33017",
       "CVE-2026-39987",
       "CVE-2026-41940"

package/data/framework-control-gaps.json

@@ -66,6 +66,7 @@
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -76,6 +77,7 @@
       "CVE-2026-24214",
       "CVE-2026-24215",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30616",
       "CVE-2026-30617",
       "CVE-2026-30624",
@@ -1551,6 +1553,7 @@
       "CVE-2025-64328",
       "CVE-2025-64446",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-6543",
       "CVE-2025-6554",
       "CVE-2025-6558",
@@ -1606,6 +1609,7 @@
       "CVE-2026-25108",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-3055",
       "CVE-2026-30616",
       "CVE-2026-30617",
@@ -1852,6 +1856,7 @@
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -1863,6 +1868,7 @@
       "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30616",
       "CVE-2026-30617",
       "CVE-2026-30624",
@@ -2614,6 +2620,7 @@
       "CVE-2025-64328",
       "CVE-2025-64446",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-6543",
       "CVE-2025-6554",
       "CVE-2025-6558",
@@ -2671,6 +2678,7 @@
       "CVE-2026-25108",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-3055",
       "CVE-2026-30616",
       "CVE-2026-30617",
@@ -3739,8 +3747,10 @@
       "CVE-2023-48022",
       "CVE-2024-4889",
       "CVE-2024-6587",
+      "CVE-2025-64513",
       "CVE-2026-24206",
-      "CVE-2026-24207"
+      "CVE-2026-24207",
+      "CVE-2026-26190"
     ],
     "atlas_refs": [
       "AML.T0010",
@@ -4983,6 +4993,7 @@
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-8747",
       "CVE-2026-0300",
       "CVE-2026-0766",
@@ -4996,6 +5007,7 @@
       "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30616",
       "CVE-2026-30617",
       "CVE-2026-30624",
@@ -5612,6 +5624,7 @@
       "CVE-2025-54136",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-64513",
       "CVE-2025-8747",
       "CVE-2026-0766",
       "CVE-2026-22252",
@@ -5623,6 +5636,7 @@
       "CVE-2026-24215",
       "CVE-2026-25592",
       "CVE-2026-26015",
+      "CVE-2026-26190",
       "CVE-2026-30616",
       "CVE-2026-30617",
       "CVE-2026-30624",
@@ -5911,9 +5925,11 @@
       "CVE-2024-1709",
       "CVE-2024-4889",
       "CVE-2024-6587",
+      "CVE-2025-64513",
       "CVE-2026-20182",
       "CVE-2026-24206",
-      "CVE-2026-24207"
+      "CVE-2026-24207",
+      "CVE-2026-26190"
     ],
     "atlas_refs": [],
     "attack_refs": [

package/data/zeroday-lessons.json

@@ -4161,6 +4161,106 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation"
   },
+  "CVE-2025-64513": {
+    "name": "Milvus Proxy Authentication Bypass via Forged Headers",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "Milvus (CWE-287 forged-header auth bypass in the Proxy) lets an unauthenticated network attacker reach the vector database's operations and data, bypassing authentication.",
+      "privileges_required": "none (NVD/CNA AV:N / PR:N) - unauthenticated",
+      "complexity": "low (AC:L)",
+      "ai_factor": "The abused surface is the vector database - the RAG persistence layer that stores embeddings and the source documents (often PII) behind LLM applications. The lesson: vector databases are sensitive data stores, not caches; every API/management port (including metrics ports like 9091) must authenticate, default tokens must be replaced, and the DB must not be network-exposed. An auth bypass here exposes RAG data and enables retrieval poisoning."
+    },
+    "framework_coverage": {
+      "NIST-800-53-IA-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Authentication is not enforced on the vector database's API/management surface."
+      },
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the vector database (RAG persistence layer) as managed, auth-bypass-bearing software."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the vector database as a sensitive RAG data store whose API/management ports must authenticate."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 70,
+      "basis": "Vector databases are deployed as convenience RAG infrastructure on trusted-network assumptions, often with default tokens and exposed management ports.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-101",
+        "name": "VECTOR-DB-AUTHENTICATION-ENFORCEMENT",
+        "description": "A vector database storing RAG embeddings and source data must enforce authentication on every API and management/metrics port (including ports like Milvus 9091), reject forged/missing auth, replace default tokens, and never be exposed to untrusted networks. Upgrade Milvus to a patched release (2.4.24 / 2.5.21 / 2.6.5). The distinguishing test: from an unauthenticated client, attempt forged-header access to the Proxy and direct access to the metrics/management port on a staging instance and confirm both are refused.",
+        "evidence": "https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p",
+        "gap_closes": [
+          "NIST-800-53-IA-2",
+          "NIST-800-53-SI-2",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
+  "CVE-2026-26190": {
+    "name": "Milvus Port 9091 Missing Authentication / Weak Default Token",
+    "lesson_date": "2026-05-25",
+    "attack_vector": {
+      "description": "Milvus (CWE-306 missing authentication on port 9091 with weak default tokens) lets an unauthenticated network attacker reach the vector database's operations and data, bypassing authentication.",
+      "privileges_required": "none (NVD/CNA AV:N / PR:N) - unauthenticated",
+      "complexity": "low (AC:L)",
+      "ai_factor": "The abused surface is the vector database - the RAG persistence layer that stores embeddings and the source documents (often PII) behind LLM applications. The lesson: vector databases are sensitive data stores, not caches; every API/management port (including metrics ports like 9091) must authenticate, default tokens must be replaced, and the DB must not be network-exposed. An auth bypass here exposes RAG data and enables retrieval poisoning."
+    },
+    "framework_coverage": {
+      "NIST-800-53-IA-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Authentication is not enforced on the vector database's API/management surface."
+      },
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Does not track the vector database (RAG persistence layer) as managed, auth-bypass-bearing software."
+      },
+      "ALL-AI-PIPELINE-INTEGRITY": {
+        "covered": false,
+        "adequate": false,
+        "gap": "No framework treats the vector database as a sensitive RAG data store whose API/management ports must authenticate."
+      }
+    },
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 70,
+      "basis": "Vector databases are deployed as convenience RAG infrastructure on trusted-network assumptions, often with default tokens and exposed management ports.",
+      "theater_pattern": "ai_supply_chain_trust"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_assist_factor": "none",
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-101",
+        "name": "VECTOR-DB-AUTHENTICATION-ENFORCEMENT",
+        "description": "A vector database storing RAG embeddings and source data must enforce authentication on every API and management/metrics port (including ports like Milvus 9091), reject forged/missing auth, replace default tokens, and never be exposed to untrusted networks. Upgrade Milvus to a patched release (2.5.27 / 2.6.10). The distinguishing test: from an unauthenticated client, attempt forged-header access to the Proxy and direct access to the metrics/management port on a staging instance and confirm both are refused.",
+        "evidence": "https://github.com/milvus-io/milvus/security/advisories/GHSA-7ppg-37fh-vcr6",
+        "gap_closes": [
+          "NIST-800-53-IA-2",
+          "NIST-800-53-SI-2",
+          "ALL-AI-PIPELINE-INTEGRITY"
+        ]
+      }
+    ],
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation"
+  },
   "CVE-2024-4889": {
     "name": "BerriAI LiteLLM Config Code Injection via UI_LOGO_PATH / KMS",
     "lesson_date": "2026-05-25",