@blamejs/exceptd-skills 0.14.26 → 0.14.27

package/data/cve-catalog.json

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.029,
+      "current_rate": 0.028,
       "current_floor_enforced_by_test": 0.028,
       "ladder_to_target": [
         0.028,
@@ -68,7 +68,7 @@
         0.3,
         0.4
       ],
-      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved).",
+      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved). v0.14.27: three non-AI CI/CD supply-chain entries grew the catalog to 423; observed rate 12/423 (0.0284), current_rate updated 0.029 -> 0.028; floor unchanged at 0.028 (still under observed).",
       "ladder_note": "Test floor advances when each rung is exceeded with a margin (>= floor + 0.05). Surfaces incremental tightening without coincidence-passing failures.",
       "gap_explanation": "Catalog skews toward 2024 vendor-disclosed CVEs (xz-utils, runc, CRI-O, MLflow, containerd, SolarWinds, Citrix, ConnectWise) and Pwn2Own Ireland 2025 entries (Synacktiv, DEVCORE, Summoning Team, CyCraft) where AI-tooling involvement was either not used or not credited in the public disclosure. The 41% figure in AGENTS.md Hard Rule #7 reflects the broader 2025 zero-day population reported by Google Threat Intelligence Group; catalog membership is curated against a different sampling frame (operational impact + framework-coverage need) and so will lag the population-level rate.",
       "discovery_source_enum": [
@@ -92,6 +92,325 @@
     },
     "last_threat_review": "2026-05-15"
   },
+  "CVE-2025-30066": {
+    "name": "tj-actions/changed-files GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 8.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-03-18",
+    "poc_available": true,
+    "poc_description": "The compromise itself is the live exploit. On 2025-03-14/15 a threat actor used a leaked Personal Access Token to repoint the action's tags v1 through v45.0.7 at commit 0e58ed8, which carried a base64-encoded Python payload (a memory dump via the runner process) that printed CI/CD secrets — AWS keys, npm tokens, the repository GITHUB_TOKEN, RSA private keys — into the publicly readable GitHub Actions workflow logs. Documented by StepSecurity (Harden-Runner detection), Wiz, Semgrep, Sysdig, and Palo Alto Unit 42.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Human-operated supply-chain compromise; no AI involvement in discovery or weaponization is documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI tooling documented in the attack chain. The credential-harvesting payload was a static base64 Python memory dumper.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Actively exploited in the wild during the ~36-hour window the malicious tags were live; ~23,000 repositories referenced the action. CISA added to KEV 2025-03-18.",
+    "affected": "tj-actions/changed-files tags v1 through v45.0.7 (all consumers that referenced a mutable tag rather than a pinned commit SHA were served the malicious 0e58ed8 commit on 2025-03-14/15).",
+    "affected_versions": [
+      "tj-actions/changed-files v1 through v45.0.7 (mutable tags repointed to commit 0e58ed8)"
+    ],
+    "vector": "Mutable git-tag repointing. A stolen PAT moved the action's release tags to a malicious commit; every workflow that pinned the action by tag (the documented norm) pulled the trojaned code on its next run, which dumped the job's secrets to the workflow log.",
+    "complexity": "low",
+    "complexity_notes": "Once the tags were repointed, exploitation was automatic for any consumer pinning by tag — no per-target interaction required.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Upgrade to tj-actions/changed-files@v46.0.1 or later (post-remediation)",
+      "Pin ALL GitHub Actions to a full-length 40-character commit SHA, never a tag or branch",
+      "Rotate every secret exposed to any workflow that ran the action between 2025-03-14 and 2025-03-15",
+      "Audit public workflow logs for leaked secrets and review GitHub's audit log for the period"
+    ],
+    "framework_control_gaps": {
+      "SLSA-v1.0-Build-L3": "SLSA build provenance does not bind a consumer's tag reference to a specific source revision; a repointed mutable tag silently substitutes the build inputs.",
+      "NIST-800-218-SSDF-PW.4": "Reuse of well-maintained components assumes the upstream artifact is immutable; a tag is mutable and the action had no publisher-side tamper control.",
+      "NIST-800-53-SR-11": "Component-authenticity controls assume signed/versioned artifacts; unsigned GitHub Action tags carry no integrity guarantee an SR-11 process can verify.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development controls do not reach a third-party CI action maintained by an individual with no contractual relationship to the consumer.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse: pinning by floating tag is the documented usage pattern, so the control that would have prevented this (SHA pinning) was not the default."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552"
+    ],
+    "rwep_score": 78,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 78). KEV-listed (25) + confirmed in-the-wild exploitation (20) + the live malicious artifact as PoC (20) + very large blast radius (28; ~23,000 dependent repositories, secrets exfiltrated), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": 0.9183,
+    "epss_date": "2026-05-27",
+    "epss_note": "FIRST EPSS 0.9183 (99.70th percentile) as of 2026-05-27.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30066",
+    "iocs": {
+      "behavioral": [
+        "GitHub Actions workflow logs containing base64-encoded blobs or printed environment/secret values after a step running tj-actions/changed-files.",
+        "tj-actions/changed-files referenced by a tag (v1..v45) rather than a 40-char commit SHA during 2025-03-14/15.",
+        "Outbound network calls or memory-dump behavior from the changed-files step that are not part of its documented function."
+      ],
+      "indicators": [
+        "Malicious commit SHA 0e58ed8 in the tj-actions/changed-files history (tags repointed to it).",
+        "Payload fetched/embedded a memory-dumping Python script (gist-hosted in the original chain)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-30066, CISA KEV, and the StepSecurity / Wiz / Semgrep / Sysdig public analyses."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30066",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised",
+      "https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066",
+      "https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30066",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30066",
+        "severity": "high",
+        "published_date": "2025-03-15"
+      },
+      {
+        "vendor": "CISA KEV",
+        "advisory_id": "CVE-2025-30066",
+        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+        "severity": "high",
+        "published_date": "2025-03-18"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-30066 (CWE-506, CVSS 8.6) + CISA KEV (added 2025-03-18) + StepSecurity/Wiz/Semgrep/Sysdig public analyses. The March 2025 GitHub Actions supply-chain compromise; chained from the reviewdog/action-setup compromise (CVE-2025-30154), which is believed to have leaked the PAT used to repoint the changed-files tags.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "tj-actions/changed-files GitHub Action tags were repointed to malicious code (CWE-506) that dumped CI/CD secrets to publicly readable workflow logs; remediate by pinning actions to commit SHAs and rotating exposed secrets."
+  },
+  "CVE-2025-30154": {
+    "name": "reviewdog/action-setup GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 8.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2025-03-24",
+    "poc_available": true,
+    "poc_description": "The compromise itself is the live exploit. reviewdog/action-setup@v1 was modified on 2025-03-11 between 18:42 and 20:31 UTC to inject code that base64-encodes and prints exposed secrets into the GitHub Actions workflow logs. Because the tag v1 was repointed, every consumer pinning by tag — and every downstream reviewdog action that internally uses action-setup@v1 (action-shellcheck, action-composite-template, action-staticcheck, action-ast-grep, action-typos) — was affected regardless of how the downstream action itself was pinned. Documented by Wiz and the reviewdog GHSA.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "Human-operated supply-chain compromise; no AI involvement documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI tooling documented. The reviewdog compromise is widely assessed to be the entry point that exposed the Personal Access Token later used in the tj-actions/changed-files compromise (CVE-2025-30066).",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Actively exploited in the wild during the compromise window; CISA added to KEV 2025-03-24. Transitive blast radius via the five downstream reviewdog actions that consume action-setup@v1.",
+    "affected": "reviewdog/action-setup@v1 (compromised 2025-03-11 18:42-20:31 UTC), and transitively reviewdog/action-shellcheck, action-composite-template, action-staticcheck, action-ast-grep, and action-typos which invoke action-setup@v1 internally.",
+    "affected_versions": [
+      "reviewdog/action-setup@v1 (tag repointed to malicious commit)",
+      "reviewdog/action-shellcheck (via action-setup@v1)",
+      "reviewdog/action-composite-template (via action-setup@v1)",
+      "reviewdog/action-staticcheck (via action-setup@v1)",
+      "reviewdog/action-ast-grep (via action-setup@v1)",
+      "reviewdog/action-typos (via action-setup@v1)"
+    ],
+    "vector": "Mutable git-tag repointing of a transitively-included action. action-setup@v1 was trojaned; downstream reviewdog actions that pin action-setup@v1 internally pulled the malicious code regardless of how the consumer pinned the downstream action, dumping job secrets to the workflow log.",
+    "complexity": "low",
+    "complexity_notes": "Automatic for any consumer of the affected actions during the window; the transitive inclusion defeated consumer-side SHA pinning of the outer action.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Pin reviewdog actions to a known-good full commit SHA predating 2025-03-11; the maintainer reverted the malicious changes",
+      "Pin ALL transitively-included actions by commit SHA where possible, and prefer actions that pin their own dependencies by SHA",
+      "Rotate every secret exposed to any workflow that ran an affected reviewdog action during the window",
+      "Audit public workflow logs and the GitHub audit log for the compromise period"
+    ],
+    "framework_control_gaps": {
+      "SLSA-v1.0-Build-L3": "Build provenance does not cover transitively-included actions; pinning the outer action by SHA still pulled a malicious inner action referenced by a mutable tag.",
+      "NIST-800-218-SSDF-PW.4": "Component-reuse controls do not address nested third-party CI actions whose own dependencies are tag-pinned outside the consumer's control.",
+      "NIST-800-53-SR-3": "Supply-chain controls inventory direct dependencies; a second-tier GitHub Action (action-setup pulled by action-shellcheck) routinely escapes that inventory.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse via transitive action inclusion — consumer-side SHA pinning is insufficient when the pinned action itself references a mutable tag.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development trust does not extend to the maintainers of an action's internal dependencies."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552"
+    ],
+    "rwep_score": 72,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 72). KEV-listed (25) + confirmed exploitation (20) + live malicious artifact as PoC (20) + broad transitive blast radius (22; five downstream actions, defeated consumer SHA pinning), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": 0.34556,
+    "epss_date": "2026-05-27",
+    "epss_note": "FIRST EPSS 0.34556 (97.07th percentile) as of 2026-05-27.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-30154",
+    "iocs": {
+      "behavioral": [
+        "GitHub Actions workflow logs containing base64-encoded secret blobs after a step running any reviewdog action.",
+        "reviewdog/action-setup or a dependent reviewdog action referenced during 2025-03-11 18:42-20:31 UTC.",
+        "A consumer that SHA-pinned an outer reviewdog action but still received malicious code (signature of the transitive-tag compromise)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-30154, CISA KEV, the reviewdog GHSA-qmg3-hpqr-gqvc, and the Wiz analysis."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-30154",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc",
+      "https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-qmg3-hpqr-gqvc",
+        "url": "https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc",
+        "severity": "high",
+        "published_date": "2025-03-19"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2025-30154",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30154",
+        "severity": "high",
+        "published_date": "2025-03-19"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2025-30154 (CWE-506, CVSS 8.6) + CISA KEV (added 2025-03-24) + reviewdog GHSA-qmg3-hpqr-gqvc + Wiz analysis. The reviewdog/action-setup compromise of 2025-03-11; assessed as the upstream pivot of the tj-actions/changed-files compromise (CVE-2025-30066). Shares the CI/CD supply-chain control surface with that entry and the xz-utils backdoor (CVE-2024-3094).",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "reviewdog/action-setup@v1 (and five reviewdog actions that include it transitively) was trojaned (CWE-506) to dump secrets to workflow logs; pin actions to commit SHAs and rotate exposed secrets."
+  },
+  "CVE-2026-48027": {
+    "name": "Nx Console IDE Extension Supply-Chain Compromise (malicious marketplace version)",
+    "type": "supply-chain-compromise",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cvss_v4_score": 9.3,
+    "cvss_v4_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+    "cvss_score_note": "NVD CVSS 3.1 base 9.8 (nvd@nist.gov). GitHub (CNA) scored CVSS 4.0 base 9.3. The 3.1 vector is the catalog-primary; both recorded.",
+    "cwe_refs": [
+      "CWE-506"
+    ],
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-05-27",
+    "poc_available": true,
+    "poc_description": "The malicious extension is the live exploit. On 2026-05-19 a trojaned Nx Console 18.95.0 was published to the Visual Studio Marketplace (live 12:30-12:48 UTC, ~18 minutes) and OpenVSX (live 12:33-13:09 UTC, ~36 minutes). On install/activation it fetched an obfuscated second-stage payload that harvested credentials from multiple sources on the developer host. Documented by StepSecurity and the nrwl/nx-console GHSA.",
+    "ai_discovered": false,
+    "ai_discovery_source": "unknown",
+    "ai_discovery_notes": "No AI involvement in discovery is documented.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "AI-CLI abuse is not asserted for this specific extension compromise. Context: the Nx ecosystem was previously hit by the August 2025 's1ngularity' npm-package compromise, whose payload notably weaponized installed AI CLI assistants to enumerate secrets — a distinct incident; this entry is scoped to the documented facts of CVE-2026-48027.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "CISA added to KEV 2026-05-27. The malicious version was live in two marketplaces during the documented windows on 2026-05-19; auto-update of the widely-installed extension drove exposure within the windows.",
+    "affected": "Nx Console 18.95.0 (the malicious version published 2026-05-19; live ~18 min on Visual Studio Marketplace and ~36 min on OpenVSX).",
+    "affected_versions": [
+      "Nx Console 18.95.0 (malicious marketplace publication; removed shortly after)"
+    ],
+    "vector": "Trojanized IDE-extension marketplace publication. A malicious 18.95.0 build was pushed to the VS Code Marketplace and OpenVSX; installing or auto-updating to it ran an obfuscated credential-harvesting payload with the developer's local privileges.",
+    "complexity": "low",
+    "complexity_notes": "Install or auto-update of the extension during the publication window was sufficient; no additional interaction required.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "vendor_update_paths": [
+      "Upgrade Nx Console to 18.100.0 (or later); 18.100.0 is confirmed clean",
+      "If 18.95.0 was installed on 2026-05-19, treat the host as compromised: rotate all developer credentials (Git/npm tokens, SSH keys, cloud keys, crypto wallets) and review for exfiltration",
+      "Disable IDE-extension auto-update for security-critical hosts and verify publisher/version before updating"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SR-11": "Component-authenticity verification does not extend to IDE marketplace extensions; VS Code/OpenVSX extensions carry no consumer-verifiable publisher signature an SR-11 process can gate on.",
+      "NIST-800-218-SSDF-PW.4": "Trusted-component reuse assumes the marketplace artifact matches the reviewed source; a malicious version published under the legitimate publisher identity defeats that assumption.",
+      "ISO-27001-2022-A.8.30": "Outsourced-development controls do not address developer-endpoint IDE extensions installed outside any procurement or vetting process.",
+      "ISO-27001-2022-A.8.8": "Technical-vulnerability management for developer endpoints rarely inventories IDE extensions or their auto-update behavior as a managed software surface.",
+      "OWASP-CICD-SEC-3": "Dependency-chain abuse extends to the developer IDE: a compromised extension harvests the same credentials the CI pipeline protects, upstream of any pipeline control."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1195.001",
+      "T1552",
+      "T1567"
+    ],
+    "rwep_score": 74,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "Critical (RWEP 74). KEV-listed (25) + confirmed exploitation (20) + the live malicious extension as PoC (20) + broad blast radius (24; widely-installed IDE extension, multi-source credential harvesting on the developer host, narrowed by the short publication window), minus patch_available (15). Σ factors === rwep_score.",
+    "epss_score": null,
+    "epss_date": "2026-05-28",
+    "epss_note": "Not yet scored by FIRST EPSS as of 2026-05-28 (CVE published 2026-05-27); refresh on the next validate-cves --live run.",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-48027",
+    "iocs": {
+      "behavioral": [
+        "Nx Console version 18.95.0 present in a VS Code / OpenVSX installation.",
+        "An IDE extension process making outbound network calls to fetch a second-stage payload shortly after install/update on 2026-05-19.",
+        "Access to developer credential stores (Git config, ~/.npmrc, SSH keys, cloud credential files, wallet files) by the extension host process."
+      ],
+      "indicators": [
+        "Nx Console 18.95.0 installed during 2026-05-19 12:30-12:48 UTC (VS Marketplace) or 12:33-13:09 UTC (OpenVSX)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-48027, CISA KEV, the nrwl/nx-console GHSA-c9j4-9m59-847w, and the StepSecurity analysis."
+    },
+    "source_verified": "2026-05-28",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-48027",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+      "https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w",
+      "https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "GitHub Security Advisory",
+        "advisory_id": "GHSA-c9j4-9m59-847w",
+        "url": "https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w",
+        "severity": "critical",
+        "published_date": "2026-05-27"
+      },
+      {
+        "vendor": "NVD",
+        "advisory_id": "CVE-2026-48027",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48027",
+        "severity": "critical",
+        "published_date": "2026-05-27"
+      }
+    ],
+    "last_updated": "2026-05-28",
+    "discovery_attribution_note": "Manually curated from NVD CVE-2026-48027 (CWE-506, CVSS 3.1 9.8 / CVSS 4.0 9.3) + CISA KEV (added 2026-05-27) + nrwl/nx-console GHSA-c9j4-9m59-847w + StepSecurity analysis. Trojanized Nx Console 18.95.0 published to the VS Code Marketplace and OpenVSX on 2026-05-19; clean at 18.100.0. Shares the developer-tooling supply-chain control surface with the tj-actions (CVE-2025-30066) and reviewdog (CVE-2025-30154) action compromises.",
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "A malicious Nx Console 18.95.0 was published to the VS Code Marketplace / OpenVSX (CWE-506) and harvested developer credentials; upgrade to 18.100.0 and rotate credentials if the bad version was installed on 2026-05-19."
+  },
   "CVE-2025-53773": {
     "name": "GitHub Copilot / VS Code 'YOLO mode' Prompt Injection RCE",
     "type": "RCE-via-prompt-injection",

package/data/cwe-catalog.json

@@ -50,14 +50,14 @@
     "evidence_cves": [
       "CVE-2022-1471",
       "CVE-2024-3154",
+      "CVE-2025-10164",
       "CVE-2025-20393",
       "CVE-2025-54236",
       "CVE-2025-6558",
+      "CVE-2026-21858",
       "CVE-2026-32201",
       "CVE-2026-34197",
-      "CVE-2026-6973",
-      "CVE-2025-10164",
-      "CVE-2026-21858"
+      "CVE-2026-6973"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -104,6 +104,7 @@
       "CVE-2024-1561",
       "CVE-2024-1708",
       "CVE-2024-24591",
+      "CVE-2024-31462",
       "CVE-2024-37032",
       "CVE-2024-39722",
       "CVE-2024-57728",
@@ -111,14 +112,13 @@
       "CVE-2025-2749",
       "CVE-2025-27920",
       "CVE-2025-4632",
+      "CVE-2025-51480",
       "CVE-2025-6218",
       "CVE-2025-67818",
       "CVE-2025-8110",
-      "CVE-2026-25592",
-      "CVE-2026-34926",
       "CVE-2026-22218",
-      "CVE-2025-51480",
-      "CVE-2024-31462"
+      "CVE-2026-25592",
+      "CVE-2026-34926"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-AC-3",
@@ -155,6 +155,7 @@
       "CVE-2016-10033",
       "CVE-2020-25079",
       "CVE-2023-33538",
+      "CVE-2024-12450",
       "CVE-2024-5565",
       "CVE-2025-10035",
       "CVE-2025-29635",
@@ -169,8 +170,7 @@
       "CVE-2026-30617",
       "CVE-2026-30624",
       "CVE-2026-30625",
-      "MAL-2026-3083",
-      "CVE-2024-12450"
+      "MAL-2026-3083"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -421,15 +421,15 @@
       "CVE-2026-1281",
       "CVE-2026-1340",
       "CVE-2026-20045",
+      "CVE-2026-21877",
       "CVE-2026-25592",
       "CVE-2026-30615",
       "CVE-2026-33017",
       "CVE-2026-34197",
       "CVE-2026-45829",
-      "CVE-2026-6973",
-      "MAL-2026-3083",
       "CVE-2026-5760",
-      "CVE-2026-21877"
+      "CVE-2026-6973",
+      "MAL-2026-3083"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -1361,6 +1361,7 @@
       "CVE-2024-50050",
       "CVE-2024-8069",
       "CVE-2025-10035",
+      "CVE-2025-10164",
       "CVE-2025-23254",
       "CVE-2025-24016",
       "CVE-2025-26399",
@@ -1377,14 +1378,13 @@
       "CVE-2025-59287",
       "CVE-2025-60455",
       "CVE-2025-68664",
+      "CVE-2025-68665",
       "CVE-2025-8747",
       "CVE-2026-20131",
       "CVE-2026-20963",
-      "CVE-2026-31229",
-      "CVE-2025-68665",
-      "CVE-2025-10164",
       "CVE-2026-3059",
-      "CVE-2026-3060"
+      "CVE-2026-3060",
+      "CVE-2026-31229"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -1414,10 +1414,13 @@
     "skills_referencing": [],
     "evidence_cves": [
       "CVE-2024-3094",
+      "CVE-2025-30066",
+      "CVE-2025-30154",
       "CVE-2025-54313",
       "CVE-2025-59374",
       "CVE-2026-33634",
       "CVE-2026-45321",
+      "CVE-2026-48027",
       "MAL-2026-3083",
       "MAL-2026-NODE-IPC-STEALER",
       "MAL-2026-SHAI-HULUD-OSS",
@@ -1895,11 +1898,11 @@
       "CVE-2023-43654",
       "CVE-2023-48022",
       "CVE-2023-51449",
+      "CVE-2024-12450",
       "CVE-2024-6587",
       "CVE-2025-25297",
       "CVE-2025-56520",
       "CVE-2025-61884",
-      "CVE-2024-12450",
       "CVE-2026-22219"
     ],
     "framework_controls_partially_addressing": [
@@ -2202,9 +2205,9 @@
       "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
       "CVE-2025-3466",
       "CVE-2025-40536",
+      "CVE-2025-68668",
       "CVE-2026-21510",
-      "CVE-2026-21513",
-      "CVE-2025-68668"
+      "CVE-2026-21513"
     ],
     "last_verified": "2026-05-18",
     "notes": "Added v0.13.17 to back the UnDefend Defender update-disruption entry. CWE-693 is the canonical parent for failures-of-protection-mechanism — Defender continues running but its update mechanism has been corrupted, so the AV protection-mechanism fails silently while the host still passes 'is Defender running?' health checks."