Text Generation
PEFT
Safetensors
Transformers
llama
axolotl
lora
conversational
text-generation-inference
Instructions to use mx003/cve_model with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- PEFT
How to use mx003/cve_model with PEFT:
from peft import PeftModel from transformers import AutoModelForCausalLM base_model = AutoModelForCausalLM.from_pretrained("unsloth/Meta-Llama-3.1-8B-Instruct") model = PeftModel.from_pretrained(base_model, "mx003/cve_model") - Transformers
How to use mx003/cve_model with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-generation", model="mx003/cve_model") messages = [ {"role": "user", "content": "Who are you?"}, ] pipe(messages)# Load model directly from transformers import AutoTokenizer, AutoModelForCausalLM tokenizer = AutoTokenizer.from_pretrained("mx003/cve_model") model = AutoModelForCausalLM.from_pretrained("mx003/cve_model") messages = [ {"role": "user", "content": "Who are you?"}, ] inputs = tokenizer.apply_chat_template( messages, add_generation_prompt=True, tokenize=True, return_dict=True, return_tensors="pt", ).to(model.device) outputs = model.generate(**inputs, max_new_tokens=40) print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:])) - Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- vLLM
How to use mx003/cve_model with vLLM:
Install from pip and serve model
# Install vLLM from pip: pip install vllm # Start the vLLM server: vllm serve "mx003/cve_model" # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:8000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "mx003/cve_model", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker
docker model run hf.co/mx003/cve_model
- SGLang
How to use mx003/cve_model with SGLang:
Install from pip and serve model
# Install SGLang from pip: pip install sglang # Start the SGLang server: python3 -m sglang.launch_server \ --model-path "mx003/cve_model" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "mx003/cve_model", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker images
docker run --gpus all \ --shm-size 32g \ -p 30000:30000 \ -v ~/.cache/huggingface:/root/.cache/huggingface \ --env "HF_TOKEN=<secret>" \ --ipc=host \ lmsysorg/sglang:latest \ python3 -m sglang.launch_server \ --model-path "mx003/cve_model" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "mx003/cve_model", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }' - Docker Model Runner
How to use mx003/cve_model with Docker Model Runner:
docker model run hf.co/mx003/cve_model
| [2026-04-05 19:39:57,659] [DEBUG] [axolotl.utils.config.log_gpu_memory_usage:127] [PID:2580] baseline 0.000GB () | |
| [2026-04-05 19:39:57,660] [INFO] [axolotl.cli.config.load_cfg:248] [PID:2580] config: | |
| { | |
| "activation_offloading": false, | |
| "adapter": "lora", | |
| "axolotl_config_path": "config.yaml", | |
| "base_model": "unsloth/Meta-Llama-3.1-8B-Instruct", | |
| "base_model_config": "unsloth/Meta-Llama-3.1-8B-Instruct", | |
| "batch_size": 8, | |
| "bf16": true, | |
| "capabilities": { | |
| "bf16": true, | |
| "compute_capability": "sm_90", | |
| "fp8": false, | |
| "n_gpu": 1, | |
| "n_node": 1 | |
| }, | |
| "context_parallel_size": 1, | |
| "dataloader_num_workers": 1, | |
| "dataloader_pin_memory": true, | |
| "dataloader_prefetch_factor": 256, | |
| "dataset_processes": 26, | |
| "datasets": [ | |
| { | |
| "chat_template": "tokenizer_default", | |
| "field_messages": "messages", | |
| "message_property_mappings": { | |
| "content": "content", | |
| "role": "role" | |
| }, | |
| "path": "mx003/cve", | |
| "trust_remote_code": false, | |
| "type": "chat_template" | |
| } | |
| ], | |
| "ddp": false, | |
| "device": "cuda:0", | |
| "device_map": "auto", | |
| "dion_rank_fraction": 1.0, | |
| "dion_rank_multiple_of": 1, | |
| "env_capabilities": { | |
| "torch_version": "2.7.1" | |
| }, | |
| "eval_batch_size": 2, | |
| "eval_causal_lm_metrics": [ | |
| "sacrebleu", | |
| "comet", | |
| "ter", | |
| "chrf" | |
| ], | |
| "eval_max_new_tokens": 128, | |
| "eval_sample_packing": true, | |
| "eval_table_size": 0, | |
| "experimental_skip_move_to_device": true, | |
| "flash_attention": true, | |
| "fp16": false, | |
| "gradient_accumulation_steps": 4, | |
| "gradient_checkpointing": true, | |
| "gradient_checkpointing_kwargs": { | |
| "use_reentrant": true | |
| }, | |
| "group_by_length": true, | |
| "include_tkps": true, | |
| "is_llama_derived_model": true, | |
| "learning_rate": 0.0002, | |
| "lisa_layers_attribute": "model.layers", | |
| "load_best_model_at_end": false, | |
| "load_in_4bit": false, | |
| "load_in_8bit": false, | |
| "local_rank": 0, | |
| "lora_alpha": 64, | |
| "lora_dropout": 0.05, | |
| "lora_model_dir": "./outputs/mymodel", | |
| "lora_r": 32, | |
| "lora_target_modules": [ | |
| "q_proj", | |
| "v_proj", | |
| "k_proj", | |
| "o_proj", | |
| "gate_proj", | |
| "down_proj", | |
| "up_proj" | |
| ], | |
| "loraplus_lr_embedding": 1e-06, | |
| "lr_scheduler": "cosine", | |
| "mean_resizing_embeddings": false, | |
| "micro_batch_size": 2, | |
| "model_config_type": "llama", | |
| "num_epochs": 3.0, | |
| "optimizer": "adamw_torch", | |
| "output_dir": "./outputs/mymodel", | |
| "pad_to_sequence_len": true, | |
| "pretrain_multipack_attn": true, | |
| "profiler_steps_start": 0, | |
| "qlora_sharded_model_loading": false, | |
| "ray_num_workers": 1, | |
| "resources_per_worker": { | |
| "GPU": 1 | |
| }, | |
| "sample_packing": true, | |
| "sample_packing_bin_size": 200, | |
| "sample_packing_group_size": 100000, | |
| "save_only_model": false, | |
| "save_safetensors": true, | |
| "save_steps": 50, | |
| "sequence_len": 4096, | |
| "shuffle_before_merging_datasets": false, | |
| "shuffle_merged_datasets": true, | |
| "skip_prepare_dataset": false, | |
| "streaming_multipack_buffer_size": 10000, | |
| "strict": false, | |
| "tensor_parallel_size": 1, | |
| "tiled_mlp_use_original_mlp": true, | |
| "tokenizer_config": "unsloth/Meta-Llama-3.1-8B-Instruct", | |
| "tokenizer_save_jinja_files": true, | |
| "torch_dtype": "torch.bfloat16", | |
| "train_on_inputs": false, | |
| "trl": { | |
| "log_completions": false, | |
| "mask_truncated_completions": false, | |
| "ref_model_mixup_alpha": 0.9, | |
| "ref_model_sync_steps": 64, | |
| "scale_rewards": true, | |
| "sync_ref_model": false, | |
| "use_vllm": false, | |
| "vllm_server_host": "0.0.0.0", | |
| "vllm_server_port": 8000 | |
| }, | |
| "use_ray": false, | |
| "val_set_size": 0.0, | |
| "vllm": { | |
| "device": "auto", | |
| "dtype": "auto", | |
| "gpu_memory_utilization": 0.9, | |
| "host": "0.0.0.0", | |
| "port": 8000 | |
| }, | |
| "weight_decay": 0.0, | |
| "world_size": 1 | |
| } | |
| [2026-04-05 19:39:57,664] [INFO] [axolotl.cli.utils.load.load_model_and_tokenizer:40] [PID:2580] loading tokenizer... unsloth/Meta-Llama-3.1-8B-Instruct | |
| [2026-04-05 19:39:58,793] [DEBUG] [axolotl.loaders.tokenizer.load_tokenizer:278] [PID:2580] EOS: 128009 / <|eot_id|> | |
| [2026-04-05 19:39:58,794] [DEBUG] [axolotl.loaders.tokenizer.load_tokenizer:279] [PID:2580] BOS: 128000 / <|begin_of_text|> | |
| [2026-04-05 19:39:58,795] [DEBUG] [axolotl.loaders.tokenizer.load_tokenizer:280] [PID:2580] PAD: 128004 / <|finetune_right_pad_id|> | |
| [2026-04-05 19:39:58,796] [DEBUG] [axolotl.loaders.tokenizer.load_tokenizer:281] [PID:2580] UNK: None / None | |
| [2026-04-05 19:39:58,797] [INFO] [axolotl.cli.utils.load.load_model_and_tokenizer:43] [PID:2580] loading model... | |
| [2026-04-05 19:39:58,924] [DEBUG] [axolotl.monkeypatch.transformers.trainer_loss_calc.patch_evaluation_loop:87] [PID:2580] Patched Trainer.evaluation_loop with nanmean loss calculation | |
| [2026-04-05 19:39:58,927] [DEBUG] [axolotl.monkeypatch.transformers.trainer_loss_calc.patch_maybe_log_save_evaluate:138] [PID:2580] Patched Trainer._maybe_log_save_evaluate with nanmean loss calculation | |
| Loading checkpoint shards: 0%| | 0/4 [00:00<?, ?it/s] Loading checkpoint shards: 25%|█████████████████████▎ | 1/4 [00:01<00:03, 1.02s/it] Loading checkpoint shards: 50%|██████████████████████████████████████████▌ | 2/4 [00:02<00:02, 1.05s/it] Loading checkpoint shards: 75%|███████████████████████████████████████████████████████████████▊ | 3/4 [00:03<00:01, 1.05s/it] Loading checkpoint shards: 100%|█████████████████████████████████████████████████████████████████████████████████████| 4/4 [00:03<00:00, 1.36it/s] Loading checkpoint shards: 100%|█████████████████████████████████████████████████████████████████████████████████████| 4/4 [00:03<00:00, 1.18it/s] | |
| [2026-04-05 19:40:03,363] [INFO] [axolotl.loaders.model._configure_embedding_dtypes:345] [PID:2580] Converting modules to torch.bfloat16 | |
| [2026-04-05 19:40:03,369] [DEBUG] [axolotl.loaders.model.log_gpu_memory_usage:127] [PID:2580] Memory usage after model load 17.894GB (+17.894GB allocated, +18.873GB reserved) | |
| [2026-04-05 19:40:03,370] [DEBUG] [axolotl.loaders.adapter.load_lora:143] [PID:2580] Loading pretrained PEFT - LoRA | |
| trainable params: 83,886,080 || all params: 8,114,147,328 || trainable 1.0338 | |
| [2026-04-05 19:40:14,800] [DEBUG] [axolotl.loaders.model.log_gpu_memory_usage:127] [PID:2580] after adapters 15.583GB (+15.583GB allocated, +19.170GB reserved) | |
| ================================================================================ | |
| Give me an instruction (Ctrl + D to submit): | |
| ================================================================================ | |
| ================================================================================ | |
| <|begin_of_text|><|start_header_id|>system<|end_header_id|> | |
| Cutting Knowledge Date: December 2023 | |
| Today Date: 26 Jul 2024 | |
| <|eot_id|><|start_header_id|>user<|end_header_id|> | |
| { | |
| "dataType": "CVE_RECORD", | |
| "cveMetadata": { | |
| "state": "PUBLISHED", | |
| "cveId": "CVE-2026-30286", | |
| "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "assignerShortName": "mitre", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z", | |
| "dateReserved": "2026-03-04T00:00:00.000Z", | |
| "datePublished": "2026-03-31T00:00:00.000Z" | |
| }, | |
| "containers": { | |
| "cna": { | |
| "providerMetadata": { | |
| "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "shortName": "mitre", | |
| "dateUpdated": "2026-03-31T18:02:36.652Z" | |
| }, | |
| "descriptions": [ | |
| { | |
| "lang": "en", | |
| "value": "An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure." | |
| } | |
| ], | |
| "affected": [ | |
| { | |
| "vendor": "n/a", | |
| "product": "n/a", | |
| "versions": [ | |
| { | |
| "version": "n/a", | |
| "status": "affected" | |
| } | |
| ] | |
| } | |
| ], | |
| "references": [ | |
| { | |
| "url": "https://secsys.fudan.edu.cn/" | |
| }, | |
| { | |
| "url": "https://play.google.com/store/apps/details?id=com.funambol.zefiro" | |
| }, | |
| { | |
| "url": "https://zefiro.me/" | |
| }, | |
| { | |
| "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/14" | |
| } | |
| ], | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "text", | |
| "lang": "en", | |
| "description": "n/a" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "adp": [ | |
| { | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "CWE", | |
| "cweId": "CWE-22", | |
| "lang": "en", | |
| "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" | |
| } | |
| ] | |
| } | |
| ], | |
| "metrics": [ | |
| { | |
| "cvssV3_1": { | |
| "scope": "UNCHANGED", | |
| "version": "3.1", | |
| "baseScore": 9.8, | |
| "attackVector": "NETWORK", | |
| "baseSeverity": "CRITICAL", | |
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | |
| "integrityImpact": "HIGH", | |
| "userInteraction": "NONE", | |
| "attackComplexity": "LOW", | |
| "availabilityImpact": "HIGH", | |
| "privilegesRequired": "NONE", | |
| "confidentialityImpact": "HIGH" | |
| } | |
| }, | |
| { | |
| "other": { | |
| "type": "ssvc", | |
| "content": { | |
| "timestamp": "2026-04-02T14:25:59.512724Z", | |
| "id": "CVE-2026-30286", | |
| "options": [ | |
| { | |
| "Exploitation": "none" | |
| }, | |
| { | |
| "Automatable": "yes" | |
| }, | |
| { | |
| "Technical Impact": "total" | |
| } | |
| ], | |
| "role": "CISA Coordinator", | |
| "version": "2.0.3" | |
| } | |
| } | |
| } | |
| ], | |
| "title": "CISA ADP Vulnrichment", | |
| "providerMetadata": { | |
| "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | |
| "shortName": "CISA-ADP", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z" | |
| } | |
| } | |
| ] | |
| }, | |
| "dataVersion": "5.2" | |
| } | |
| """<|eot_id|><|start_header_id|>assistant<|end_header_id|> | |
| This is a JSON object representing a CVE (Common Vulnerabilities and Exposures) record. Here's a breakdown of its contents: | |
| **CVE ID:** CVE-2026-30286 | |
| **Vulnerability Type:** Arbitrary file overwrite vulnerability | |
| **Affected System:** Funambol, Inc. Zefiro Cloud version 32.0.2026011614 | |
| **Description:** An attacker can exploit this vulnerability by importing files through the file import process, which allows them to overwrite critical internal files on the system. This can lead to arbitrary code execution or information exposure. | |
| **References:** | |
| * https://secsys.fudan.edu.cn/ | |
| * https://play.google.com/store/apps/details?id=com.funambol.zefiro | |
| * https://zefiro.me/ | |
| * https://github.com/Secsys-FDU/AF_CVEs/issues/14 | |
| **CVSS Version:** 3.1 | |
| **CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| **Base Score:** 9.8 | |
| **Severity Label:** CRITICAL | |
| **Other Information:** | |
| * Exploited by: Remote attacker | |
| * Privileges required: None | |
| * User interaction: None | |
| * Attack vector: Network | |
| * Integrity impact: High | |
| * Availability impact: High | |
| * Confidentiality impact: High | |
| Note that the vendor and product names are missing from the affected container. This might be due to incomplete data in the provided JSON object.<|eot_id|> | |
| ================================================================================ | |
| <|begin_of_text|><|start_header_id|>system<|end_header_id|> | |
| Cutting Knowledge Date: December 2023 | |
| Today Date: 26 Jul 2024 | |
| <|eot_id|><|start_header_id|>user<|end_header_id|> | |
| { | |
| "dataType": "CVE_RECORD", | |
| "cveMetadata": { | |
| "state": "PUBLISHED", | |
| "cveId": "CVE-2026-30286", | |
| "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "assignerShortName": "mitre", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z", | |
| "dateReserved": "2026-03-04T00:00:00.000Z", | |
| "datePublished": "2026-03-31T00:00:00.000Z" | |
| }, | |
| "containers": { | |
| "cna": { | |
| "providerMetadata": { | |
| "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "shortName": "mitre", | |
| "dateUpdated": "2026-03-31T18:02:36.652Z" | |
| }, | |
| "descriptions": [ | |
| { | |
| "lang": "en", | |
| "value": "An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure." | |
| } | |
| ], | |
| "affected": [ | |
| { | |
| "vendor": "n/a", | |
| "product": "n/a", | |
| "versions": [ | |
| { | |
| "version": "n/a", | |
| "status": "affected" | |
| } | |
| ] | |
| } | |
| ], | |
| "references": [ | |
| { | |
| "url": "https://secsys.fudan.edu.cn/" | |
| }, | |
| { | |
| "url": "https://play.google.com/store/apps/details?id=com.funambol.zefiro" | |
| }, | |
| { | |
| "url": "https://zefiro.me/" | |
| }, | |
| { | |
| "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/14" | |
| } | |
| ], | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "text", | |
| "lang": "en", | |
| "description": "n/a" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "adp": [ | |
| { | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "CWE", | |
| "cweId": "CWE-22", | |
| "lang": "en", | |
| "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" | |
| } | |
| ] | |
| } | |
| ], | |
| "metrics": [ | |
| { | |
| "cvssV3_1": { | |
| "scope": "UNCHANGED", | |
| "version": "3.1", | |
| "baseScore": 9.8, | |
| "attackVector": "NETWORK", | |
| "baseSeverity": "CRITICAL", | |
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | |
| "integrityImpact": "HIGH", | |
| "userInteraction": "NONE", | |
| "attackComplexity": "LOW", | |
| "availabilityImpact": "HIGH", | |
| "privilegesRequired": "NONE", | |
| "confidentialityImpact": "HIGH" | |
| } | |
| }, | |
| { | |
| "other": { | |
| "type": "ssvc", | |
| "content": { | |
| "timestamp": "2026-04-02T14:25:59.512724Z", | |
| "id": "CVE-2026-30286", | |
| "options": [ | |
| { | |
| "Exploitation": "none" | |
| }, | |
| { | |
| "Automatable": "yes" | |
| }, | |
| { | |
| "Technical Impact": "total" | |
| } | |
| ], | |
| "role": "CISA Coordinator", | |
| "version": "2.0.3" | |
| } | |
| } | |
| } | |
| ], | |
| "title": "CISA ADP Vulnrichment", | |
| "providerMetadata": { | |
| "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | |
| "shortName": "CISA-ADP", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z" | |
| } | |
| } | |
| ] | |
| }, | |
| "dataVersion": "5.2" | |
| } | |
| """<|eot_id|><|start_header_id|>assistant<|end_header_id|> | |
| This is a JSON object representing a CVE (Common Vulnerabilities and Exposures) record. Here's a breakdown of its contents: | |
| **CVE ID:** CVE-2026-30286 | |
| **Vulnerability Type:** Arbitrary file overwrite vulnerability | |
| **Affected System:** Funambol, Inc. Zefiro Cloud version 32.0.2026011614 | |
| **Description:** An attacker can exploit this vulnerability by importing files through the file import process, which allows them to overwrite critical internal files on the system. This can lead to arbitrary code execution or information exposure. | |
| **References:** | |
| * https://secsys.fudan.edu.cn/ | |
| * https://play.google.com/store/apps/details?id=com.funambol.zefiro | |
| * https://zefiro.me/ | |
| * https://github.com/Secsys-FDU/AF_CVEs/issues/14 | |
| **CVSS Version:** 3.1 | |
| **CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| **Base Score:** 9.8 | |
| **Severity Label:** CRITICAL | |
| **Other Information:** | |
| * Exploited by: Remote attacker | |
| * Privileges required: None | |
| * User interaction: None | |
| * Attack vector: Network | |
| * Integrity impact: High | |
| * Availability impact: High | |
| * Confidentiality impact: High | |
| Note that the vendor and product names are missing from the affected container. This might be due to incomplete data in the provided JSON object.<|eot_id|> | |
| ================================================================================ | |
| Give me an instruction (Ctrl + D to submit): | |
| ================================================================================ | |
| ================================================================================ | |
| <|begin_of_text|><|start_header_id|>system<|end_header_id|> | |
| Cutting Knowledge Date: December 2023 | |
| Today Date: 26 Jul 2024 | |
| <|eot_id|><|start_header_id|>user<|end_header_id|> | |
| # 1. Ensure the model is ready for fast inference | |
| from unsloth import FastLanguageModel | |
| FastLanguageModel.for_inference(model) | |
| # 2. Define the raw CVE string (The one you just sent me) | |
| # I've used a triple-quoted string to handle the internal quotes correctly. | |
| raw_cve_input = """ | |
| { | |
| "dataType": "CVE_RECORD", | |
| "cveMetadata": { | |
| "state": "PUBLISHED", | |
| "cveId": "CVE-2026-30286", | |
| "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "assignerShortName": "mitre", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z", | |
| "dateReserved": "2026-03-04T00:00:00.000Z", | |
| "datePublished": "2026-03-31T00:00:00.000Z" | |
| }, | |
| "containers": { | |
| "cna": { | |
| "providerMetadata": { | |
| "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "shortName": "mitre", | |
| "dateUpdated": "2026-03-31T18:02:36.652Z" | |
| }, | |
| "descriptions": [ | |
| { | |
| "lang": "en", | |
| "value": "An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure." | |
| } | |
| ], | |
| "affected": [ | |
| { | |
| "vendor": "n/a", | |
| "product": "n/a", | |
| "versions": [ | |
| { | |
| "version": "n/a", | |
| "status": "affected" | |
| } | |
| ] | |
| } | |
| ], | |
| "references": [ | |
| { | |
| "url": "https://secsys.fudan.edu.cn/" | |
| }, | |
| { | |
| "url": "https://play.google.com/store/apps/details?id=com.funambol.zefiro" | |
| }, | |
| { | |
| "url": "https://zefiro.me/" | |
| }, | |
| { | |
| "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/14" | |
| } | |
| ], | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "text", | |
| "lang": "en", | |
| "description": "n/a" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "adp": [ | |
| { | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "CWE", | |
| "cweId": "CWE-22", | |
| "lang": "en", | |
| "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" | |
| } | |
| ] | |
| } | |
| ], | |
| "metrics": [ | |
| { | |
| "cvssV3_1": { | |
| "scope": "UNCHANGED", | |
| "version": "3.1", | |
| "baseScore": 9.8, | |
| "attackVector": "NETWORK", | |
| "baseSeverity": "CRITICAL", | |
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | |
| "integrityImpact": "HIGH", | |
| "userInteraction": "NONE", | |
| "attackComplexity": "LOW", | |
| "availabilityImpact": "HIGH", | |
| "privilegesRequired": "NONE", | |
| "confidentialityImpact": "HIGH" | |
| } | |
| }, | |
| { | |
| "other": { | |
| "type": "ssvc", | |
| "content": { | |
| "timestamp": "2026-04-02T14:25:59.512724Z", | |
| "id": "CVE-2026-30286", | |
| "options": [ | |
| { | |
| "Exploitation": "none" | |
| }, | |
| { | |
| "Automatable": "yes" | |
| }, | |
| { | |
| "Technical Impact": "total" | |
| } | |
| ], | |
| "role": "CISA Coordinator", | |
| "version": "2.0.3" | |
| } | |
| } | |
| } | |
| ], | |
| "title": "CISA ADP Vulnrichment", | |
| "providerMetadata": { | |
| "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | |
| "shortName": "CISA-ADP", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z" | |
| } | |
| } | |
| ] | |
| }, | |
| "dataVersion": "5.2" | |
| } | |
| """ | |
| # 3. Format the message exactly like the training data | |
| messages = [ | |
| { | |
| "role": "system", | |
| "content": "You are an elite cybersecurity data extraction AI. \nYour task is to analyze raw CVE JSON records and convert them into a normalized semantic JSON schema. \nAnalyze the CWE types, CVSS vectors, and descriptions to predict the 'threat_information' and'severity' fields accurately.\nYou must output ONLY valid JSON. Do not include markdown formatting, explanations, or any other text." | |
| }, | |
| { | |
| "role": "user", | |
| "content": f"Convert this raw CVE record into the semantic schema:\n{raw_cve_input}" | |
| } | |
| ] | |
| # 4. Tokenize and prepare the GPU inputs | |
| inputs = tokenizer.apply_chat_template( | |
| messages, | |
| tokenize = True, | |
| add_generation_prompt = True, # Tells Llama "Now it's your turn to generate" | |
| return_tensors = "pt", | |
| ).to("cuda") | |
| # 5. Execute Generation | |
| print("Model Output:\n" + "-"*40) | |
| outputs = model.generate( | |
| input_ids = inputs, | |
| max_new_tokens = 512, | |
| use_cache = True, | |
| temperature = 0.1, # Keep it low for structural accuracy | |
| ) | |
| # 6. Decode and show only the new assistant response | |
| input_length = inputs.shape[1] | |
| final_response = tokenizer.decode(outputs[0][input_length:], skip_special_tokens=True) | |
| print(final_response)<|eot_id|><|start_header_id|>assistant<|end_header_id|> | |
| To ensure the model is ready for fast inference, we need to create an instance of `FastLanguageModel` with our pre-trained model and then call its `for_inference` method. | |
| ```python | |
| from unsloth import FastLanguageModel | |
| model_name = "your_model_name" # Replace with your actual model name | |
| model = FastLanguageModel.from_pretrained(model_name) | |
| model.for_inference() | |
| ``` | |
| Next, let's proceed with defining the raw CVE string as given in the problem statement: | |
| ```python | |
| raw_cve_input = """ | |
| { | |
| "dataType": "CVE_RECORD", | |
| "cveMetadata": { | |
| "state": "PUBLISHED", | |
| "cveId": "CVE-2026-30286", | |
| "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "assignerShortName": "mitre", | |
| "dateUpdated": "2026-04-02T14:27:23.319Z", | |
| "dateReserved": "2026-03-04T00:00:00.000Z", | |
| "datePublished": "2026-03-31T00:00:00.000Z" | |
| }, | |
| "containers": { | |
| "cna": { | |
| "providerMetadata": { | |
| "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | |
| "shortName": "mitre", | |
| "dateUpdated": "2026-03-31T18:02:36.652Z" | |
| }, | |
| "descriptions": [ | |
| { | |
| "lang": "en", | |
| "value": "An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure." | |
| } | |
| ], | |
| "affected": [ | |
| { | |
| "vendor": "n/a", | |
| "product": "n/a", | |
| "versions": [ | |
| { | |
| "version": "n/a", | |
| "status": "affected" | |
| } | |
| ] | |
| } | |
| ], | |
| "references": [ | |
| { | |
| "url": "https://secsys.fudan.edu.cn/" | |
| }, | |
| { | |
| "url": "https://play.google.com/store/apps/details?id=com.funambol.zefiro" | |
| }, | |
| { | |
| "url": "https://zefiro.me/" | |
| }, | |
| { | |
| "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/14" | |
| } | |
| ], | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "text", | |
| "lang": "en", | |
| "description": "n/a" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "adp": [ | |
| { | |
| "problemTypes": [ | |
| { | |
| "descriptions": [ | |
| { | |
| "type": "CWE", | |
| "cweId": "CWE-22", | |
| "lang": "en", | |
| "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" | |
| } | |
| ] | |
| } | |
| ], | |
| "metrics": [ | |
| { | |
| "cvssV3_1": { | |
| "scope": "UNCHANGED", | |
| "version": "3.1", | |
| "baseScore": 9.8, | |
| "attackVector": "NETWORK", | |
| "baseSeverity": "CRITICAL", | |
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | |
| "integrityImpact": "HIGH", | |
| "userInteraction": "NONE", | |
| "attackComplexity": "LOW", | |
| "availabilityImpact": "HIGH", | |
| "privilegesRequired": "NONE", | |
| "confidentialityImpact": "HIGH" | |
| } | |
| }, | |
| { | |
| "other": { | |
| "type": "ssvc", | |
| "content": { | |
| "timestamp": "2026-04-02T14:25:59.512724Z", | |
| "id": "CVE-2026-30286", | |
| "options": [ | |
| { | |
| "Exploitation": "none" | |
| }, | |
| { | |
| "Automatable": "yes" | |
| }, | |
| { | |
| "Technical Impact": "total" | |
| } | |
| ], | |
| "role": "CISA Coordinator", | |
| "version": "2.0.3" | |
| } | |
| } | |
| } | |
| ], | |
| "title": "CISA ADP Vulnrichment", | |
| "providerMetadata": { | |
| "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0 | |