## https://sploitus.com/exploit?id=61C38206-1C85-5ACA-A29E-1B8B1036B563
# CVE Research Agent
A CVE research agent built on Claude Code + MCP. Give it a CVE ID and a vulnerable source tree: it fetches the metadata, analyzes the patch diff, traces the flaw through the source, and writes a blog-ready research brief with PoC.
## What it does
1. Fetches CVE metadata from NVD and OSV
2. Finds and fetches the patch diff via GitHub
3. Reads the vulnerable source and traces the flaw source → sink
4. Analyzes exploitability and patch completeness
5. Writes a research brief to `output/.md`
If it can't find the patch automatically, it stops and asks you for it.
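
How steps 1 and 2 can be tied together, as an added example (not the agent's own code): it ranks patch candidates from an OSV-schema record using the `affected[].ranges[]` entries of type `GIT` and the `references[]` entries of type `FIX`. The function name `find_patch_candidates` is hypothetical, and the record, repository and commit hashes are constructed placeholders.

```python
import re

# Constructed OSV-schema record (placeholder ID, repo and hashes; not real data).
REPO = "https://github.com/example-org/example-app"
SAMPLE_OSV = {
    "id": "EXAMPLE-0000-0001",
    "references": [
        {"type": "ADVISORY", "url": "https://example.org/advisory/1"},
        {"type": "FIX", "url": f"{REPO}/commit/" + "a" * 40},
        {"type": "WEB", "url": f"{REPO}/pull/42"},
    ],
    "affected": [{
        "ranges": [{
            "type": "GIT",
            "repo": REPO + ".git",
            "events": [{"introduced": "0"}, {"fixed": "b" * 40}],
        }],
    }],
}

# Only GitHub commit, pull-request and compare URLs count as fetchable patches.
PATCH_URL = re.compile(
    r"^https://github\.com/[\w.-]+/[\w.-]+/(commit/[0-9a-f]{7,40}|pull/\d+|compare/\S+)$"
)

def find_patch_candidates(osv):
    """Return de-duplicated GitHub patch URLs, strongest evidence first."""
    ranked = []
    # Rank 0: GIT ranges name the fixing commit explicitly.
    for affected in osv.get("affected", []):
        for rng in affected.get("ranges", []):
            if rng.get("type") != "GIT" or not rng.get("repo"):
                continue
            repo = rng["repo"].rstrip("/").removesuffix(".git")
            for event in rng.get("events", []):
                if "fixed" in event:
                    ranked.append((0, f"{repo}/commit/{event['fixed']}"))
    # Rank 1: references tagged FIX. Rank 2: other references shaped like a patch.
    for ref in osv.get("references", []):
        ranked.append((1 if ref.get("type") == "FIX" else 2, ref.get("url", "")))
    out = []
    for _, url in sorted(ranked, key=lambda item: item[0]):  # stable sort keeps order
        if PATCH_URL.match(url) and url not in out:
            out.append(url)
    return out

if __name__ == "__main__":
    found = find_patch_candidates(SAMPLE_OSV)
    print("\n".join(found) if found else "No patch found: ask the user for the diff URL")
```

An empty result corresponds to the fallback described above, where the agent stops and asks for the patch.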
## Setup
**Prerequisites:** Node 18+, Python 3.9+, Claude Code CLI
```bash
git clone https://github.com/av4nth1ka/cve-research-agent
cd cve-research-agent
# install the fetch MCP server
pip install mcp-server-fetch
```
Add your GitHub token to `.claude/settings.json`:
```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_yourtoken"
      }
    },
    "fetch": {
      "command": "python",
      "args": ["-m", "mcp_server_fetch"]
    }
  }
}
```
Drop the vulnerable source into `src/`.
## Usage
```bash
# basic: agent finds the patch itself
claude "Research CVE-2024-23897. Source is in src/. Write brief to output/CVE-2024-23897.md"
# with patch URL provided
claude "Research CVE-2026-53435. Source is in src/.
Patch diff: https://github.com/jenkinsci/jenkins/compare/jenkins-2.567...jenkins-2.568
Write brief to output/CVE-2026-53435.md"
```
Run from the project root so Claude Code picks up `CLAUDE.md` and `.claude/settings.json`.
## Output
Each run produces `output/.md` containing:
- Severity, CVSS, CWE, affected versions
- Patch analysis: what changed and what it reveals
- Full source → sink trace with file paths and line numbers
- Exploitation prerequisites and steps
- Annotated PoC
- Patch completeness assessment
- Blog draft outline
## Notes
- Tested on Java applications (Jenkins)