Synthetic verification advisory (CVE-2026-99999)
A synthetic verification advisory used to exercise newt lab's advisory templates. Replace with real disclosures at Story 10.7.
This is a synthetic verification advisory. The CVE identifier CVE-2026-99999
is not a real assignment; the affected-product label
verification-target 0.1.0–0.1.4 is fictional. The purpose of this entry is to
exercise the advisory single-page template (structured record, status badge,
onward-links + citation block) and the chronological advisory index.
Story 10.7 will replace this file with the inaugural real advisories before launch. Until then, this entry intentionally lists itself in the public advisory index as a placeholder.
The verification-target component fails to validate an attacker-controlled
length field in its packet parser. A reader with the ability to send crafted
packets can trigger an out-of-bounds read in the parser's response handler.
For the disclosure-clock primitive that will render alongside this record, see Story 3.2. For the visual status-badge treatment, see Story 3.3.
dukpt (2026). "Synthetic verification advisory (CVE-2026-99999)". newt lab research. https://newt-lab.com/en/research/cve-2026-99999-verification/