npm - @blamejs/exceptd-skills - Versions diffs - 0.16.8 → 0.16.10 - Mend

@blamejs/exceptd-skills 0.16.8 → 0.16.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CHANGELOG.md +16 -1
package/data/_indexes/_meta.json +10 -10
package/data/_indexes/activity-feed.json +18 -18
package/data/_indexes/catalog-summaries.json +6 -6
package/data/_indexes/chains.json +1139 -0
package/data/_indexes/frequency.json +1 -0
package/data/atlas-ttps.json +8 -3
package/data/attack-techniques.json +34 -12
package/data/cve-catalog.json +684 -3
package/data/cwe-catalog.json +39 -8
package/data/framework-control-gaps.json +51 -18
package/data/zeroday-lessons.json +527 -2
package/lib/cve-curation.js +2 -4
package/lib/flag-suggest.js +1 -1
package/lib/lint-skills.js +1 -0
package/lib/playbook-runner.js +2 -2
package/lib/scoring.js +3 -3
package/lib/validate-playbooks.js +0 -2
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +42 -42
package/scripts/check-codebase-patterns-currency.js +1 -2
package/scripts/check-codebase-patterns.js +109 -1
package/scripts/release.js +2 -2

package/data/cve-catalog.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "_meta": {
     "schema_version": "1.0.0",
-    "last_updated": "2026-05-30",
+    "last_updated": "2026-06-01",
     "source": "NVD + CISA KEV + vendor advisories — see sources/index.json",
     "required_fields": [
       "type",
@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.0279,
+      "current_rate": 0.0273,
       "current_floor_enforced_by_test": 0.027,
       "ladder_to_target": [
         0.027,
@@ -69,7 +69,7 @@
         0.3,
         0.4
       ],
-      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved). v0.14.27: three non-AI CI/CD supply-chain entries grew the catalog to 423; observed rate 12/423 (0.0284), current_rate updated 0.029 -> 0.028; floor unchanged at 0.028 (still under observed). v0.15.51: three non-AI supply-chain entries (CVE-2022-23812 node-ipc protestware + MAL-2026-TRAPDOOR-CROSS-ECOSYSTEM + MAL-2026-MOIKA-DEPCONFUSION) grew the catalog to 430; observed rate 12/430 (0.0279) fell just under the 0.028 floor, so the floor was lowered to 0.027 with a prepended 0.027 ladder rung (prior rungs and the 0.40 target preserved).",
+      "floor_correction_note": "v0.13.4: floor dropped from 0.15 → 0.13 after the v0.13.4 cleanup removed two stuck-draft CVEs (MAL-2026-ANTHROPIC-MCP-STDIO duplicate of CVE-2026-30623 + CVE-2026-GTIG-AI-2FA embargoed placeholder). The GTIG entry was the only ai_discovered=true of the two; catalog observed rate fell from 6/40 (0.15) to 5/38 (0.132). Floor is reset below the new observed rate to keep the test honest, and a new 0.13 rung is prepended to the ladder so monotonic non-decreasing is preserved without rewriting prior rungs. Prior correction note: v0.12.31 floor dropped 0.20 → 0.15 after the cycle-11 intake added six ai_discovered=false entries. v0.13.17: catalog grew 68 -> 72 with 4 non-AI Nightmare-Eclipse entries; observed rate falls from 12/68 (0.176) to 12/72 (0.208). Floor unchanged at 0.13 — still under observed. v0.13.17: catalog grew 72 -> 232 via CISA KEV bulk import; observed rate drops from 0.208 (15/72) to 0.065 (15/232) because KEV records lack AI-attribution metadata. Floor reset to 0.05 with new prepended ladder rung; existing rungs preserved. v0.13.17 round-2: catalog grew further to 312 via additional KEV bulk import; observed rate 0.038 (12/312). Floor lowered to 0.03 with a new prepended ladder rung to keep the test honest under bulk-import dilution. Prior rungs preserved; the 0.40 target ladder is unchanged. AI-attribution backfill for the 240 bulk-imported entries is operator-curation work in future cycles. v0.13.113: catalog grew to 402; observed rate 12/402 (0.0299) fell just under the 0.03 floor, so the floor was lowered to 0.029 with a prepended 0.029 ladder rung (prior rungs and the 0.40 target preserved). v0.13.122: AI-ecosystem CVE tranches grew the catalog to 414; observed rate 12/414 (0.0290) fell just under the 0.029 floor, so the floor was lowered to 0.028 with a prepended 0.028 ladder rung (prior rungs and the 0.40 target preserved). v0.14.27: three non-AI CI/CD supply-chain entries grew the catalog to 423; observed rate 12/423 (0.0284), current_rate updated 0.029 -> 0.028; floor unchanged at 0.028 (still under observed). v0.15.51: three non-AI supply-chain entries (CVE-2022-23812 node-ipc protestware + MAL-2026-TRAPDOOR-CROSS-ECOSYSTEM + MAL-2026-MOIKA-DEPCONFUSION) grew the catalog to 430; observed rate 12/430 (0.0279) fell just under the 0.028 floor, so the floor was lowered to 0.027 with a prepended 0.027 ladder rung (prior rungs and the 0.40 target preserved). v0.16.9: 9 non-AI catalog-hygiene entries grew the catalog to 439; observed AI rate 12/439 (0.0273) remains at or above the 0.027 floor (was 0.0279).",
       "ladder_note": "Test floor advances when each rung is exceeded with a margin (>= floor + 0.05). Surfaces incremental tightening without coincidence-passing failures.",
       "gap_explanation": "Catalog skews toward 2024 vendor-disclosed CVEs (xz-utils, runc, CRI-O, MLflow, containerd, SolarWinds, Citrix, ConnectWise) and Pwn2Own Ireland 2025 entries (Synacktiv, DEVCORE, Summoning Team, CyCraft) where AI-tooling involvement was either not used or not credited in the public disclosure. The 41% figure in AGENTS.md Hard Rule #7 reflects the broader 2025 zero-day population reported by Google Threat Intelligence Group; catalog membership is curated against a different sampling frame (operational impact + framework-coverage need) and so will lag the population-level rate.",
       "discovery_source_enum": [
@@ -45059,5 +45059,686 @@
     "_auto_imported": false,
     "_intake_method": "manual-verified-curation",
     "_kev_short_description": "n8n's Git node lets an authenticated user write a dangerous file to an arbitrary path for RCE and full instance compromise (CWE-434/CWE-94); fixed in 1.121.3."
+  },
+  "CVE-2023-51764": {
+    "ai_assisted_weaponization": false,
+    "name": "Postfix SMTP smuggling (non-standard end-of-data sequence enables sender spoofing past SPF/DKIM/DMARC)",
+    "type": "smtp-smuggling-message-injection",
+    "cvss_score": 5.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Public technique + tooling from SEC Consult's December 2023 disclosure (smtp-smuggling) demonstrating spoofed, authentication-passing mail against Postfix.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed by Timo Longin / SEC Consult (December 2023) as part of the coordinated SMTP-smuggling research affecting Postfix, Sendmail and Exim.",
+    "active_exploitation": "suspected",
+    "active_exploitation_notes": "No confirmed mass-exploitation campaign attributed to the smuggling primitive itself, but it is a published, tooled technique that delivers spoofed mail passing SPF/DKIM/DMARC — a high-value phishing/BEC delivery channel. Treated as suspected: demonstrated and weaponizable, observed exploitation unconfirmed.",
+    "affected": "Postfix SMTP server (smtpd) accepting inbound mail with default end-of-data handling.",
+    "affected_versions": [
+      "postfix < 3.5.23",
+      "postfix 3.6.x < 3.6.13",
+      "postfix 3.7.x < 3.7.9",
+      "postfix 3.8.x < 3.8.5"
+    ],
+    "vector": "Postfix accepts the non-standard end-of-data sequences <LF>.<LF> and <LF>.<CR><LF> in DATA, where RFC 5321 mandates <CR><LF>.<CR><LF>. An attacker who controls one envelope can embed a second, smuggled message that inherits the outer connection's SPF/DKIM/DMARC pass, delivering a spoofed sender. Fix: smtpd_forbid_unauth_pipelining=yes + smtpd_discard_ehlo_keywords=chunking on pre-3.8.5, or upgrade.",
+    "complexity": "low",
+    "complexity_notes": "Single inbound connection; public tooling. Requires the receiver to use a vulnerable end-of-data interpretation relative to the sender path.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Postfix 3.8.5+ / 3.7.9+ / 3.6.13+ / 3.5.23+",
+      "Interim: smtpd_forbid_unauth_pipelining=yes and smtpd_discard_ehlo_keywords=chunking"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "The 30-day flaw-remediation SLA leaves a perimeter MTA accepting forged, SPF/DMARC-passing mail for weeks; the fix for the smuggling class is often a configuration change (strict end-of-data handling) the standard patch process does not surface.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' is undefined; a mail server that delivers spoofed mail past sender-authentication is an active phishing-delivery channel, not a routine patch.",
+      "NIS2-Art21-network-security": "Treats mail infrastructure as essential-function but assumes SPF/DKIM/DMARC are sufficient anti-spoofing controls; SMTP smuggling bypasses all three on the outer envelope, a gap the framework does not name.",
+      "PCI-DSS-4.0-6.3.3": "A spoofing-capable MTA in front of CDE personnel is a business-email-compromise delivery vector; the 30-day window is acceptance of a phishing channel."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1071.003"
+    ],
+    "rwep_score": 35,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 20,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 35. poc_available (+20) + active_exploitation suspected (+10) + blast_radius 20 (Postfix is the most widely deployed open-source MTA; every inbound surface is a potential spoofing-delivery channel) - patch_available (-15). Not KEV; impact is integrity (sender spoofing/phishing-enablement), not RCE.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-345",
+      "CWE-93"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Postfix smtpd reachable on inbound 25/465/587 at a version below 3.8.5 / 3.7.9 / 3.6.13 / 3.5.23 (or below 3.9).",
+        "A SMTP DATA probe terminated with <LF>.<LF> or <LF>.<CR><LF> is accepted as end-of-message instead of being rejected.",
+        "An inbound message whose DATA body contains a smuggled second envelope (MAIL FROM / RCPT TO / DATA) that is delivered as a distinct message inheriting the outer connection's SPF/DKIM/DMARC verdict.",
+        "smtpd_forbid_unauth_pipelining unset (or =no) on a pre-3.8.5 Postfix accepting unauthenticated mail."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-51764",
+      "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
+      "https://www.postfix.org/smtp-smuggling.html"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed December 2023 by Timo Longin (SEC Consult) in the coordinated SMTP-smuggling research spanning Postfix, Sendmail and Exim. Human protocol-parsing-differential research; no AI tooling credited."
+  },
+  "CVE-2023-51765": {
+    "ai_assisted_weaponization": false,
+    "name": "Sendmail SMTP smuggling (non-standard end-of-data sequence enables sender spoofing past SPF/DKIM/DMARC)",
+    "type": "smtp-smuggling-message-injection",
+    "cvss_score": 5.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "SEC Consult's December 2023 SMTP-smuggling research demonstrated spoofed authentication-passing mail against Sendmail.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Part of Timo Longin / SEC Consult December 2023 SMTP-smuggling disclosure.",
+    "active_exploitation": "suspected",
+    "active_exploitation_notes": "Published, tooled spoofing technique; no confirmed dedicated campaign. Suspected — demonstrated and weaponizable.",
+    "affected": "Sendmail MTA accepting inbound mail.",
+    "affected_versions": [
+      "sendmail <= 8.17.2 (fixed in 8.18.0.2 with the 'o' srv_features flag)"
+    ],
+    "vector": "Sendmail accepts <LF>.<CR><LF> as end-of-data where other MTAs require <CR><LF>.<CR><LF>, letting an attacker smuggle a second message that inherits the outer envelope's sender-authentication pass and spoof the sender. Fix: 8.18.0.2 and set the 'o' flag in srv_features.",
+    "complexity": "low",
+    "complexity_notes": "Single inbound connection; public technique.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Sendmail 8.18.0.2+ with the 'o' flag in srv_features"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "The 30-day flaw-remediation SLA leaves a perimeter MTA accepting forged, SPF/DMARC-passing mail for weeks; the fix for the smuggling class is often a configuration change (strict end-of-data handling) the standard patch process does not surface.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' is undefined; a mail server that delivers spoofed mail past sender-authentication is an active phishing-delivery channel, not a routine patch.",
+      "NIS2-Art21-network-security": "Treats mail infrastructure as essential-function but assumes SPF/DKIM/DMARC are sufficient anti-spoofing controls; SMTP smuggling bypasses all three on the outer envelope, a gap the framework does not name.",
+      "PCI-DSS-4.0-6.3.3": "A spoofing-capable MTA in front of CDE personnel is a business-email-compromise delivery vector; the 30-day window is acceptance of a phishing channel."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1071.003"
+    ],
+    "rwep_score": 29,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 14,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 29. poc_available (+20) + active_exploitation suspected (+10) + blast_radius 14 (Sendmail install base is large but declining relative to Postfix) - patch_available (-15). Integrity-impact spoofing, not KEV, not RCE.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-345",
+      "CWE-93"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Sendmail reachable on inbound SMTP at a version at or below 8.17.2.",
+        "A DATA probe terminated with <LF>.<CR><LF> is accepted as end-of-message.",
+        "A smuggled second message-envelope inside DATA is delivered inheriting the outer connection sender-authentication verdict.",
+        "srv_features lacks the 'o' flag on a Sendmail below 8.18.0.2."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-51765",
+      "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed December 2023 by Timo Longin (SEC Consult) as the Sendmail case of the coordinated SMTP-smuggling research. Human research; no AI tooling credited."
+  },
+  "CVE-2023-51766": {
+    "ai_assisted_weaponization": false,
+    "name": "Exim SMTP smuggling (non-standard end-of-data sequence enables sender spoofing past SPF/DKIM/DMARC)",
+    "type": "smtp-smuggling-message-injection",
+    "cvss_score": 5.3,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "SEC Consult December 2023 SMTP-smuggling research demonstrated spoofed authentication-passing mail against Exim.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Part of Timo Longin / SEC Consult December 2023 SMTP-smuggling disclosure.",
+    "active_exploitation": "suspected",
+    "active_exploitation_notes": "Published, tooled spoofing technique; Exim is the default MTA on many cPanel hosts, broadening the spoofing surface. No confirmed dedicated campaign — suspected.",
+    "affected": "Exim MTA (notably in PIPELINING/CHUNKING configurations) accepting inbound mail.",
+    "affected_versions": [
+      "exim < 4.97.1"
+    ],
+    "vector": "Exim accepts <LF>.<CR><LF> as end-of-data in PIPELINING/CHUNKING configurations, differing from the RFC 5321 <CR><LF>.<CR><LF>, enabling a smuggled second message that inherits the outer SPF/DKIM/DMARC pass. Fix: upgrade to 4.97.1.",
+    "complexity": "low",
+    "complexity_notes": "Single inbound connection; public technique. Exim's cPanel ubiquity widens reach.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Exim 4.97.1+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "The 30-day flaw-remediation SLA leaves a perimeter MTA accepting forged, SPF/DMARC-passing mail for weeks; the fix for the smuggling class is often a configuration change (strict end-of-data handling) the standard patch process does not surface.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' is undefined; a mail server that delivers spoofed mail past sender-authentication is an active phishing-delivery channel, not a routine patch.",
+      "NIS2-Art21-network-security": "Treats mail infrastructure as essential-function but assumes SPF/DKIM/DMARC are sufficient anti-spoofing controls; SMTP smuggling bypasses all three on the outer envelope, a gap the framework does not name.",
+      "PCI-DSS-4.0-6.3.3": "A spoofing-capable MTA in front of CDE personnel is a business-email-compromise delivery vector; the 30-day window is acceptance of a phishing channel."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1190",
+      "T1071.003"
+    ],
+    "rwep_score": 33,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 18,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 33. poc_available (+20) + active_exploitation suspected (+10) + blast_radius 18 (Exim is the default MTA on a very large hosting/cPanel install base) - patch_available (-15). Integrity-impact spoofing, not KEV, not RCE.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-345",
+      "CWE-93"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Exim reachable on inbound SMTP at a version below 4.97.1.",
+        "A DATA probe terminated with <LF>.<CR><LF> is accepted as end-of-message in a PIPELINING/CHUNKING configuration.",
+        "A smuggled second message-envelope inside DATA delivered inheriting the outer connection sender-authentication verdict.",
+        "Exim below 4.97.1 advertising CHUNKING (BDAT) to unauthenticated peers."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-51766",
+      "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed December 2023 by Timo Longin (SEC Consult) as the Exim case of the coordinated SMTP-smuggling research. Human research; no AI tooling credited."
+  },
+  "CVE-2021-38371": {
+    "ai_assisted_weaponization": false,
+    "name": "Exim STARTTLS response injection (pre-handshake buffer not drained on the sending MTA path)",
+    "type": "starttls-response-injection",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "The NO STARTTLS research (nostarttls.secvuln.info / USENIX Security 2021) published test tooling demonstrating STARTTLS injection against affected MTAs including Exim.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Part of the \"NO STARTTLS\" research (Poddebniak, Ising, Böck, Schinzel, 2021) cataloguing STARTTLS injection across MTAs and mail clients.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "Exploitation requires an on-path/MITM position; no confirmed in-wild campaign. Real, tooled, and vendor-patched.",
+    "affected": "Exim through 4.94.2 on the MTA SMTP sending path.",
+    "affected_versions": [
+      "exim <= 4.94.2"
+    ],
+    "vector": "The STARTTLS feature in Exim does not discard data buffered before the TLS handshake, so an on-path attacker can inject responses (response injection / buffering) that the client applies after STARTTLS completes. Fix: upgrade past 4.94.2 (4.95+).",
+    "complexity": "high",
+    "complexity_notes": "Requires an adversary-in-the-middle position on the SMTP path; once positioned, injection is reliable.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Exim 4.95+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Patch SLA assumes opportunistic-TLS protects the session; a STARTTLS command/response injection executes attacker plaintext after the handshake, so an unpatched server silently trusts pre-TLS bytes regardless of the cipher negotiated.",
+      "ISO-27001-2022-A.8.8": "Standard 30-day reading is unsafe for a flaw that lets an on-path attacker inject authenticated mail commands; cryptographic controls (A.8.24) are present but defeated by the buffering defect, not the cipher.",
+      "UK-CAF-B4": "System security principle treats TLS as the boundary; the STARTTLS receive-buffer defect means the boundary is crossed before TLS applies, which the principle does not model."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1557",
+      "T1071.003"
+    ],
+    "rwep_score": 21,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 16,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 21. poc_available (+20) + blast_radius 16 (large Exim install base) - patch_available (-15). active_exploitation none (MITM-positioned, no observed campaign); the poc factor carries the real-world-exploitability signal.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-74"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Exim reachable on the SMTP sending/receiving path at a version at or below 4.94.2.",
+        "STARTTLS handshake on the connection does not discard bytes buffered before the handshake (plaintext bytes received pre-TLS are processed post-TLS).",
+        "On-path injection of SMTP responses observed crossing the STARTTLS boundary."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2021-38371",
+      "https://nostarttls.secvuln.info/"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed in the 2021 NO STARTTLS research (Poddebniak, Ising, Böck, Schinzel; USENIX Security 2021) cataloguing STARTTLS injection across MTAs and mail clients. Human academic research; no AI involvement."
+  },
+  "CVE-2021-33515": {
+    "ai_assisted_weaponization": false,
+    "name": "Dovecot lib-smtp STARTTLS command injection (submission service)",
+    "type": "starttls-command-injection",
+    "cvss_score": 4.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "STARTTLS-injection family tooling (NO STARTTLS research lineage) demonstrates the pre-handshake command-injection class against lib-smtp.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "Disclosed against Dovecot's submission service / lib-smtp, in the STARTTLS-injection family.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "MITM-positioned; no confirmed in-wild campaign. Real, vendor-patched in 2.3.15.",
+    "affected": "Dovecot submission service (lib-smtp) before 2.3.15.",
+    "affected_versions": [
+      "dovecot < 2.3.15"
+    ],
+    "vector": "The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp: a prebuilt sequence of commands sent before the TLS handshake is executed after the handshake, allowing an on-path attacker to redirect sensitive data to an attacker-controlled destination. Fix: upgrade to 2.3.15.",
+    "complexity": "high",
+    "complexity_notes": "Requires an on-path position (AC:H); the injected commands then execute post-TLS.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Dovecot 2.3.15+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Patch SLA assumes opportunistic-TLS protects the session; a STARTTLS command/response injection executes attacker plaintext after the handshake, so an unpatched server silently trusts pre-TLS bytes regardless of the cipher negotiated.",
+      "ISO-27001-2022-A.8.8": "Standard 30-day reading is unsafe for a flaw that lets an on-path attacker inject authenticated mail commands; cryptographic controls (A.8.24) are present but defeated by the buffering defect, not the cipher.",
+      "UK-CAF-B4": "System security principle treats TLS as the boundary; the STARTTLS receive-buffer defect means the boundary is crossed before TLS applies, which the principle does not model."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1557",
+      "T1071.003"
+    ],
+    "rwep_score": 19,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 14,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 19. poc_available (+20) + blast_radius 14 (Dovecot is a very common IMAP/submission server) - patch_available (-15). active_exploitation none (MITM-required).",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-77"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Dovecot submission service reachable at a version below 2.3.15.",
+        "A prebuilt command sequence sent before STARTTLS is buffered and executed after the TLS handshake completes.",
+        "Submission commands that redirect mail to an unexpected destination appearing immediately after a STARTTLS upgrade."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2021-33515",
+      "https://nostarttls.secvuln.info/"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed in the STARTTLS-injection research lineage (NO STARTTLS, 2021) against Dovecot lib-smtp / the submission service. Human research; no AI involvement."
+  },
+  "CVE-2011-0411": {
+    "ai_assisted_weaponization": false,
+    "name": "Postfix STARTTLS plaintext command injection (I/O buffering not reset across TLS handshake)",
+    "type": "starttls-command-injection",
+    "cvss_score": 4.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+    "cvss_note": "NVD published only CVSSv2 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) for this 2011 CVE; the v3.1 vector is an operator estimate aligning it with the equivalent Dovecot/Exim STARTTLS-injection class (AiTM-required plaintext command injection). NVD CWE is the deprecated CWE-264; the precise mechanism is CWE-77.",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Demonstrated in the original 2011 Postfix STARTTLS disclosure (plaintext command injection across the TLS boundary).",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_notes": "The original STARTTLS plaintext-command-injection class (Wietse Venema / Postfix), the canonical 2011 disclosure that the 2021 NO STARTTLS work generalized.",
+    "active_exploitation": "none",
+    "active_exploitation_notes": "MITM-positioned; legacy and broadly patched. Real, vendor-patched in the 2.x maintenance releases.",
+    "affected": "Postfix SMTP server STARTTLS implementation (2.4.x–2.7.x maintenance branches).",
+    "affected_versions": [
+      "postfix 2.4.x < 2.4.16",
+      "postfix 2.5.x < 2.5.12",
+      "postfix 2.6.x < 2.6.9",
+      "postfix 2.7.x < 2.7.3"
+    ],
+    "vector": "Postfix's STARTTLS implementation does not properly restrict I/O buffering, so plaintext SMTP commands inserted by a man-in-the-middle before the TLS handshake are executed within the encrypted session afterward. Fix: upgrade to the patched 2.x maintenance release.",
+    "complexity": "high",
+    "complexity_notes": "Requires an on-path position; the foundational STARTTLS-injection defect.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Postfix 2.4.16+ / 2.5.12+ / 2.6.9+ / 2.7.3+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Patch SLA assumes opportunistic-TLS protects the session; a STARTTLS command/response injection executes attacker plaintext after the handshake, so an unpatched server silently trusts pre-TLS bytes regardless of the cipher negotiated.",
+      "ISO-27001-2022-A.8.8": "Standard 30-day reading is unsafe for a flaw that lets an on-path attacker inject authenticated mail commands; cryptographic controls (A.8.24) are present but defeated by the buffering defect, not the cipher.",
+      "UK-CAF-B4": "System security principle treats TLS as the boundary; the STARTTLS receive-buffer defect means the boundary is crossed before TLS applies, which the principle does not model."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1557",
+      "T1071.003"
+    ],
+    "rwep_score": 17,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 0,
+      "blast_radius": 12,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 17. poc_available (+20) + blast_radius 12 (legacy Postfix branches, largely patched; low residual population) - patch_available (-15). active_exploitation none (MITM-required, legacy).",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-77",
+      "CWE-264"
+    ],
+    "iocs": {
+      "behavioral": [
+        "Postfix at a 2.4.x/2.5.x/2.6.x/2.7.x version below the patched maintenance release.",
+        "Plaintext SMTP commands injected before STARTTLS are processed inside the encrypted session.",
+        "I/O buffer not reset at the STARTTLS upgrade on a legacy Postfix."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2011-0411",
+      "https://www.postfix.org/CVE-2011-0411.html"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "The original 2011 STARTTLS plaintext-command-injection disclosure (Wietse Venema / Postfix) that the 2021 NO STARTTLS work later generalized. Human research; no AI involvement."
+  },
+  "CVE-2023-50387": {
+    "ai_assisted_weaponization": false,
+    "name": "KeyTrap — DNSSEC validating-resolver CPU exhaustion via crafted DNSKEY/RRSIG combinations",
+    "type": "dnssec-validation-cpu-exhaustion",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "KeyTrap PoC zones and analysis published with the Feb 2024 coordinated disclosure; ISC/NLnet Labs/PowerDNS advisories document the attack and the work-bounding fixes.",
+    "ai_discovered": false,
+    "ai_discovery_source": "academic_ai_fuzzing",
+    "ai_discovery_notes": "Discovered by the ATHENE / Goethe University Frankfurt research group (KeyTrap, disclosed Feb 2024). Academic protocol research, not AI-attributed by the disclosers; ai_discovered remains false.",
+    "active_exploitation": "suspected",
+    "active_exploitation_notes": "High-profile coordinated disclosure (BIND, Unbound, PowerDNS, Knot, Dnsmasq patched in lockstep Feb 2024). Single crafted DNSSEC response can stall a validating resolver for an extended period. Internet-scale concern; observed scanning but no confirmed sustained campaign — suspected.",
+    "affected": "DNSSEC-validating resolvers evaluating DNSKEY/RRSIG record combinations.",
+    "affected_versions": [
+      "BIND 9.0.0-9.16.46 / 9.18.0-9.18.22 / 9.19.0-9.19.20",
+      "Unbound < 1.19.1",
+      "PowerDNS Recursor 4.8.0-4.8.5 / 4.9.0-4.9.2 / 5.0.0-5.0.1",
+      "Knot Resolver < 5.7.1",
+      "Dnsmasq < 2.90"
+    ],
+    "vector": "A validating resolver must evaluate all combinations of DNSKEY and RRSIG records when a zone presents many of them (colliding key tags). An attacker hosting (or spoofing responses for) such a zone forces worst-case O(n*m) signature evaluations, consuming CPU and stalling the resolver for all clients. Fix: vendor patches cap the validation work.",
+    "complexity": "low",
+    "complexity_notes": "Single crafted DNSSEC response; the resolver does the expensive work. No auth.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "BIND 9.16.47+ / 9.18.23+ / 9.19.21+",
+      "Unbound 1.19.1+",
+      "PowerDNS Recursor 4.8.6+ / 4.9.3+ / 5.0.2+",
+      "Knot Resolver 5.7.1+",
+      "Dnsmasq 2.90+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "A resolver/server CPU-exhaustion DoS is mass-triggerable from a single crafted response/stream; the 30-day patch window is far longer than the time to take a validating resolver or HTTP/2 front-door offline.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; an availability flaw on shared infrastructure (DNS resolver, web front-door) warrants a compressed SLA the standard reading does not require.",
+      "NIS2-Art21-network-security": "Availability of essential-function infrastructure is in scope, but the framework lacks a compressed SLA for a single-packet/single-connection amplification DoS against shared resolvers or web tiers.",
+      "DORA-Art-9": "ICT availability protection presumes capacity headroom; an algorithmic-complexity DoS defeats headroom because cost is asymmetric (one cheap request → unbounded server work)."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1499",
+      "T1498"
+    ],
+    "rwep_score": 39,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 24,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 39. poc_available (+20) + active_exploitation suspected (+10) + blast_radius 24 (every DNSSEC-validating resolver across all major implementations — foundational internet infrastructure) - patch_available (-15). Availability impact (A:H); not KEV.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-770"
+    ],
+    "iocs": {
+      "behavioral": [
+        "A validating resolver (BIND/Unbound/PowerDNS Recursor/Knot/Dnsmasq) at a version below the KeyTrap-fixed release.",
+        "Resolver CPU saturates and query latency spikes when resolving names in a zone that presents many DNSKEY/RRSIG records with colliding key tags.",
+        "Validation work per response is not bounded (no cap on DNSKEY*RRSIG evaluation combinations) on a pre-patch resolver."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-50387",
+      "https://www.athene-center.de/en/keytrap",
+      "https://kb.isc.org/docs/cve-2023-50387"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed February 2024 by the ATHENE / Goethe University Frankfurt research group (KeyTrap) via coordinated multi-vendor DNSSEC disclosure (BIND, Unbound, PowerDNS, Knot, Dnsmasq). Academic protocol research; no AI involvement."
+  },
+  "CVE-2023-50868": {
+    "ai_assisted_weaponization": false,
+    "name": "DNSSEC NSEC3 closest-encloser proof CPU exhaustion (excessive SHA-1 iterations)",
+    "type": "dnssec-nsec3-cpu-exhaustion",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cisa_kev": false,
+    "poc_available": true,
+    "poc_description": "Published with the Feb 2024 coordinated DNSSEC disclosure; ISC/NLnet Labs/PowerDNS advisories document the NSEC3 work-bounding fix.",
+    "ai_discovered": false,
+    "ai_discovery_source": "academic_ai_fuzzing",
+    "ai_discovery_notes": "Disclosed alongside KeyTrap by the ATHENE / Goethe University Frankfurt group (Feb 2024). Academic protocol research; ai_discovered false.",
+    "active_exploitation": "suspected",
+    "active_exploitation_notes": "Coordinated multi-vendor disclosure and patching (Feb 2024). Crafted NSEC3 responses force excessive hashing; internet-scale concern. Observed scanning, no confirmed sustained campaign — suspected.",
+    "affected": "DNSSEC-validating resolvers performing NSEC3 closest-encloser denial-of-existence proofs.",
+    "affected_versions": [
+      "BIND 9.0.0-9.16.47 / 9.18.0-9.18.23 / 9.19.0-9.19.20",
+      "Unbound < 1.19.1",
+      "PowerDNS Recursor 4.8.x<4.8.5 / 4.9.0-4.9.2 / 5.0.0-5.0.1",
+      "Knot Resolver < 5.7.1"
+    ],
+    "vector": "Validating an NSEC3 closest-encloser proof for a crafted response forces the resolver to perform a large number of SHA-1 hash iterations (the NSEC3 iteration count and closest-encloser candidate enumeration), consuming CPU. Fix: vendor patches bound the NSEC3 iteration/closest-encloser work.",
+    "complexity": "low",
+    "complexity_notes": "Single crafted DNSSEC response targeting random subdomains; resolver bears the cost.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "BIND 9.16.48+ / 9.18.24+ / 9.19.21+",
+      "Unbound 1.19.1+",
+      "PowerDNS Recursor 4.8.5+ / 4.9.3+ / 5.0.2+",
+      "Knot Resolver 5.7.1+"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "A resolver/server CPU-exhaustion DoS is mass-triggerable from a single crafted response/stream; the 30-day patch window is far longer than the time to take a validating resolver or HTTP/2 front-door offline.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; an availability flaw on shared infrastructure (DNS resolver, web front-door) warrants a compressed SLA the standard reading does not require.",
+      "NIS2-Art21-network-security": "Availability of essential-function infrastructure is in scope, but the framework lacks a compressed SLA for a single-packet/single-connection amplification DoS against shared resolvers or web tiers.",
+      "DORA-Art-9": "ICT availability protection presumes capacity headroom; an algorithmic-complexity DoS defeats headroom because cost is asymmetric (one cheap request → unbounded server work)."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1499",
+      "T1498"
+    ],
+    "rwep_score": 37,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 37. poc_available (+20) + active_exploitation suspected (+10) + blast_radius 22 (every DNSSEC-validating resolver doing NSEC3 proofs) - patch_available (-15). Availability impact (A:H); not KEV.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-400"
+    ],
+    "iocs": {
+      "behavioral": [
+        "A validating resolver at a version below the NSEC3-fixed release.",
+        "Resolver CPU saturates when resolving names that trigger NSEC3 closest-encloser proofs with high iteration counts.",
+        "NSEC3 iteration/closest-encloser work is not capped on a pre-patch resolver."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-50868",
+      "https://www.athene-center.de/en/keytrap",
+      "https://kb.isc.org/docs/cve-2023-50868"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Disclosed February 2024 alongside KeyTrap by the ATHENE / Goethe University Frankfurt group as the NSEC3 closest-encloser CPU-exhaustion case. Academic protocol research; no AI involvement."
+  },
+  "CVE-2023-44487": {
+    "ai_assisted_weaponization": false,
+    "name": "HTTP/2 Rapid Reset — stream open-then-RST_STREAM flood (record-breaking DDoS)",
+    "type": "http2-stream-reset-ddos",
+    "cvss_score": 7.5,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+    "cisa_kev": true,
+    "cisa_kev_date": "2023-10-10",
+    "cisa_kev_due_date": "2023-10-31",
+    "poc_available": true,
+    "poc_description": "Public technique with widely available exploit tooling published immediately after the October 2023 co-disclosure; demonstrated at internet scale by the disclosing CDNs.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "Co-disclosed October 2023 by Google, Cloudflare and AWS after absorbing the largest-recorded HTTP/2 DDoS to that date. Vendor research; not AI-attributed.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "Actively exploited at scale August–October 2023; Cloudflare/Google/AWS reported record-breaking DDoS (hundreds of millions of rps). CISA KEV-listed 2023-10-10 with a 2023-10-31 federal remediation deadline. Hundreds of HTTP/2 server, proxy and CDN implementations affected.",
+    "affected": "HTTP/2 server, proxy and CDN implementations that allow a client to open a stream and immediately send RST_STREAM without a per-connection cap (Apache, Nginx, Node.js, Go net/http, gRPC, Envoy, Microsoft .NET/IIS, and many more).",
+    "affected_versions": [
+      "Implementation-specific — any HTTP/2 endpoint without rapid-reset accounting; remediate per the vendor advisory for each server/proxy."
+    ],
+    "vector": "HTTP/2 multiplexing lets a client open a stream (HEADERS) and immediately cancel it (RST_STREAM) before the server responds. Because cancellation is cheap for the client but the server still does per-stream setup/teardown work, an attacker cycles open-then-reset at high rate to exhaust the server with minimal cost — a record-breaking DDoS primitive. Fix: cap the rate of client-initiated stream resets per connection and close abusive connections.",
+    "complexity": "low",
+    "complexity_notes": "Single HTTP/2 connection; trivially scriptable; mass-exploited in the wild.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "Remediation is a software update (and, for the smuggling/STARTTLS classes, a server configuration change); no live-patch primitive applies. Service restart, not host reboot.",
+    "vendor_update_paths": [
+      "Per-implementation patches that add rapid-reset accounting (e.g. Nginx keepalive_requests limits, Go MaxConcurrentStreams + reset accounting, Node.js stream-reset caps, Envoy overload manager) — apply the vendor advisory for each affected server/proxy."
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "A resolver/server CPU-exhaustion DoS is mass-triggerable from a single crafted response/stream; the 30-day patch window is far longer than the time to take a validating resolver or HTTP/2 front-door offline.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; an availability flaw on shared infrastructure (DNS resolver, web front-door) warrants a compressed SLA the standard reading does not require.",
+      "NIS2-Art21-network-security": "Availability of essential-function infrastructure is in scope, but the framework lacks a compressed SLA for a single-packet/single-connection amplification DoS against shared resolvers or web tiers.",
+      "DORA-Art-9": "ICT availability protection presumes capacity headroom; an algorithmic-complexity DoS defeats headroom because cost is asymmetric (one cheap request → unbounded server work)."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1499.001",
+      "T1498"
+    ],
+    "rwep_score": 80,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 30,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "rwep_notes": "RWEP 80. cisa_kev (+25) + poc_available (+20) + active_exploitation confirmed (+20) + blast_radius 30 (effectively every HTTP/2 server, proxy and CDN — internet-wide) - patch_available (-15). The highest-RWEP entry in this batch: KEV-listed, mass-exploited availability flaw against shared web infrastructure.",
+    "epss_score": null,
+    "epss_date": null,
+    "cwe_refs": [
+      "CWE-400"
+    ],
+    "iocs": {
+      "behavioral": [
+        "An HTTP/2 endpoint (server/proxy/CDN) without a per-connection cap on client-initiated stream resets.",
+        "A burst of HEADERS-then-immediate-RST_STREAM frames on a single HTTP/2 connection at a rate far exceeding legitimate cancellation.",
+        "Server CPU/worker exhaustion correlated with high stream-open/reset churn rather than response throughput.",
+        "HTTP/2 server/proxy version below the rapid-reset-fixed release named in the vendor advisory."
+      ]
+    },
+    "source_verified": "2026-06-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
+      "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
+      "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
+    ],
+    "last_updated": "2026-06-01",
+    "discovery_attribution_note": "Co-disclosed October 2023 by Google, Cloudflare and AWS after absorbing the largest-recorded HTTP/2 DDoS to that date; CISA KEV-listed 2023-10-10. Vendor research; no AI involvement."
   }
 }