v3.7.2 — Service-Bound CVE Correlation & NVD 2.0 API

[Rami8612]

What's new in v3.7.2

Service-Bound CVE Correlation

Each CVE returned by cve_lookup now includes a SERVICE BINDING line derived from
CPE data, naming the exact vendor/product the CVE applies to. A global rule
(EVIDENCE_RULES rule 9) enforces that every CVE in a report or analysis is attached
only to the matching detected service — never reassigned to an unrelated service on the
same host.

CVE Query Lock

A new global rule (EVIDENCE_RULES rule 10) prevents the LLM from drifting when building
cve_lookup queries after service discovery. Queries must be derived strictly from
the detected product name and version string present in tool output. Forbidden inputs:
host IP, semantic pivots to adjacent software (Apache ≠ Log4j), and famous CVEs
introduced from background knowledge without a confirmed product match. The rule is
reinforced at skill level in both recon and analysis.

Expanded cve_lookup — Full NVD 2.0 API support

The tool now exposes the complete NVD 2.0 API parameter set:

Parameter	Description
keyword + exact_match	Whole-word keyword matching
cpe_name	Filter by full CPE 2.3 string
virtual_match_string	CPE pattern/wildcard matching
cvss_severity	Filter by LOW / MEDIUM / HIGH / CRITICAL
pub_start_date / pub_end_date	Publication date range
last_mod_start_date / last_mod_end_date	Last-modified date range
no_rejected	Exclude REJECT-status CVEs

The knowledge file (rami-kali/knowledge/tools/cve_lookup.md) has been fully rewritten
with a parameter table, 8 invocation examples, and the CVE Query Lock decision
sequence.

Files changed

rami-kali/mcp_server.py · backend/skills/composer.py ·
backend/skills/definitions/recon.json · backend/skills/definitions/analysis.json ·
backend/skills/definitions/reporting.json · rami-kali/knowledge/tools/cve_lookup.md
· README.md · rami-kali/README.md

---

This discussion was created from the release v3.7.2 — Service-Bound CVE Correlation & NVD 2.0 API.