Iteration 2026 04 26
GHAD High/Critical Iteration (Published in 2026) — 2026-04-26
Input run:
python scripts/generate_cve_recipes_from_ghad.py \
  --advisory-root data/ghad-snapshot \
  --output-root /tmp/cve-generated-check \
  --report-path data/ghad-assessment/latest.json \
  --published-year 2026
Result-by-result review
- GHSA-37gx-xxp4-5rgx / CVE-2026-33116 (decision: generated)
  - Generated draft reviewed for mitigation/remediation viability.
  - Committed curated CVE prompt: content/prompt-library/cve/cve-2026-33116-dotnet-crypto-xml-dos.md
  - Status: kept (clear patched versions available).
NVD feed gap review (critical CVEs, 2026)
To close a coverage gap beyond GHAD-only inputs, NVD critical CVEs were reviewed for practical, actionable remediation content and software relevance.
Added curated prompts:
CVE-2026-24159 (NVIDIA NeMo Framework)
- NVD rates CVSS v3.1 as critical; vendor bulletin provides fixed version.
- Prompt added: content/prompt-library/cve/cve-2026-24159-nvidia-nemo-deserialization-rce.md
CVE-2026-24164 (NVIDIA BioNeMo Framework)
- NVD rates CVSS v3.1 as critical; vendor bulletin identifies fixed commit.
- Prompt added: content/prompt-library/cve/cve-2026-24164-nvidia-bionemo-deserialization-rce.md
Summary
- Scope: High/Critical advisories disclosed in 2026
- High/Critical assessed in current GHAD advisory input: 1
- Recipes generated by GHAD script: 1
- Additional critical CVE prompts added from NVD feed review: 2
- Total 2026 high/critical prompts now in content/prompt-library/cve: 7
- Removed for missing remediation: 0
Existing 2026 High/Critical CVE prompts in this repo
A catalog snapshot was also generated at:
data/ghad-assessment/cve-prompts-2026-high-critical.json
It currently lists 7 disclosed 2026 High/Critical CVE recipe pages
present under content/prompt-library/cve/.