Attack path: CVE-2026-55686
Where this CVE sits in the complete attacker lifecycle.
0 techniques directly attributed and 1 inferred, across 1 phase. Each technique shows its mapping confidence; follow-on techniques come from shared-actor co-occurrence.
Highlighted from CVE-2026-55686 · primary technique T1499.004
Reconnaissance
T1597.002
19.8x
Purchase Technical Data
T1591.003
19.8x
Identify Business Tempo
T1597.001
19.8x
Threat Intel Vendors
T1593.002
14.9x
Search Engines
T1597
14.9x
Search Closed Sources
T1591.001
11.9x
Determine Physical Locations
T1591.002
11.9x
Business Relationships
T1594
11.9x
Search Victim-Owned Websites
Resource Dev
Initial Access
·
Execution
·
Persistence
Priv Escalation
·
Stealth
·
Defense Impairment
·
Credential Access
·
Discovery
·
Lateral Movement
·
Collection
·
C2
·
Exfiltration
·
Impact
T1499.004
inferred
Application or System Exploitation
✓ detection content available
T1488
19.8x
Disk Content Wipe
T1499.003
19.8x
Application Exhaustion Flood
T1499.001
19.8x
OS Exhaustion Flood
✓ detection content available
T1499.002
13.2x
Service Exhaustion Flood
T1498.002
13.2x
Reflection Amplification
Want your real detection gaps for this chain?
Declare your detection stack - your rules, telemetry, and techniques - and we will show exactly which of these techniques you cannot see. We do not grade you against a public rule corpus, only against what you actually run.
Direct - an ATT&CK/nuclei source names this CVE
Inferred - derived via CWE/CAPEC (lower confidence, may be off)
Likely follow-on (shared-actor co-occurrence)
✓We hold public detection content
Lift = how strongly a follow-on co-occurs with this CVE across shared threat actors (1x expected, 5x highly distinctive).
Hunt package
All 16 techniques in this view - Sigma rules, Atomic tests, and coverage in one place.