Attack path: CVE-2026-14651
Where this CVE sits in the complete attacker lifecycle.
0 techniques directly attributed and 2 inferred, across 1 phase. Each technique shows its mapping confidence; follow-on techniques come from shared-actor co-occurrence.
Highlighted from CVE-2026-14651 · primary technique T1499
Reconnaissance
T1597
14.9x
Search Closed Sources
T1594
11.9x
Search Victim-Owned Websites
T1591.001
11.9x
Determine Physical Locations
T1591.002
11.9x
Business Relationships
T1591.003
7.4x
Identify Business Tempo
T1597.002
7.4x
Purchase Technical Data
T1597.001
7.4x
Threat Intel Vendors
T1593.002
5.6x
Search Engines
Resource Dev
Initial Access
·
Execution
·
Persistence
Priv Escalation
·
Defense Impairment
·
Credential Access
·
Discovery
·
Lateral Movement
·
Collection
·
C2
·
Exfiltration
·
Impact
T1499
inferred
Endpoint Denial of Service
✓ detection content available
T1499.004
inferred
Application or System Exploitation
✓ detection content available
T1498.002
7.4x
Reflection Amplification
T1488
7.4x
Disk Content Wipe
T1499.002
7.4x
Service Exhaustion Flood
T1499.003
7.4x
Application Exhaustion Flood
T1498.001
7.4x
Direct Network Flood
T1499.001
7.4x
OS Exhaustion Flood
✓ detection content available
Want your real detection gaps for this chain?
Declare your detection stack - your rules, telemetry, and techniques - and we will show exactly which of these techniques you cannot see. We do not grade you against a public rule corpus, only against what you actually run.
Direct - an ATT&CK/nuclei source names this CVE
Inferred - derived via CWE/CAPEC (lower confidence, may be off)
Likely follow-on (shared-actor co-occurrence)
✓We hold public detection content
Lift = how strongly a follow-on co-occurs with this CVE across shared threat actors (1x expected, 5x highly distinctive).
Hunt package
All 19 techniques in this view - Sigma rules, Atomic tests, and coverage in one place.