AVE v1.1.0 — 51 records, schema v1.0.0, full detection coverage
Released: 2026-06-21
What changed
All 48 original records migrated to schema v1.0.0.
Every record now validates against the canonical schema. Fields promoted to top level,
references converted to structured objects, evidence declaration fields backfilled on
all records. The --skip-validation flag is no longer needed in ave-site builds.
3 new records — 51 total.
| AVE ID | Title | Severity | AIVSS |
|---|---|---|---|
| AVE-2026-00049 | HTTP Host Header Injection (BadHost) | HIGH | 7.2 |
| AVE-2026-00050 | Parasitic Toolchain — Silent Tool Registration | HIGH | 7.2 |
| AVE-2026-00051 | OAuth Discovery Rebinding | HIGH | 7.2 |
Identified as confirmed genuine gaps from a benchmark across MCPSecBench, FSF-MCP,
MCP-SafetyBench, and Hou et al. 2025. Each ships with a detection rule and
positive/negative fixtures.
Detection rules and fixtures for every record.
102 tests passing — 51 records x 2 fixtures each. Every record now has a rule
in bawbel/scanner and both a positive fixture (must trigger) and a negative
fixture (must not trigger).
AIVSS score corrections on 6 records.
Formula was not applied correctly and some ThM values were outside the valid set
{0.75, 0.90, 1.0}. All 51 records now pass formula verification.
| Record | Old | New | Reason |
|---|---|---|---|
| AVE-2026-00046 | 9.1 | 9.2 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00047 | 7.8 | 7.6 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00048 | 8.2 | 7.7 | ThM corrected to 0.90 (PoC exists) |
| AVE-2026-00049 | 7.5 | 7.2 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00050 | 7.8 | 7.2 | ThM corrected to 0.90 (PoC exists) |
| AVE-2026-00051 | 8.1 | 7.2 | ThM corrected; cvss_base raised to 9.5 |
AVE-in-SARIF convention published.
docs/specs/ave-in-sarif.md defines how AVE findings travel as SARIF into the
GitHub Security tab and CI systems. Covers required fields, severity mapping,
taxonomies block, and a complete minimal SARIF example.
Research benchmark published.
docs/agents/research/benchmark-2026-06.md maps 87 classes across 6 external
datasets against the AVE record set. Identifies 1 genuine remaining gap
(resource exhaustion / agentic DoS) and confirms Hou et al. 2025 is fully
covered (16/16).
Offline record set
All 51 records as a single downloadable JSON array — for air-gapped environments,
bundled scanner installs, and offline tooling:
ave-records-v1.1.0.json
(51 records, schema v1.0.0, ~220KB)
Links
- Registry: https://ave.bawbel.io/registry.html
- Schema reference: https://ave.bawbel.io/schema.html
- Threat intel API: https://api.piranha.bawbel.io
- Scanner (reference implementation): https://github.com/bawbel/scanner
- Implementer guide: docs/specs/ave-implementer-guide.md
Full changelog: CHANGELOG.md