Home/ CVE-2026-56383/ Attack path

Attack path: CVE-2026-56383

Where this CVE sits in the complete attacker lifecycle. 0 techniques directly attributed and 1 inferred, across 1 phase. Each technique shows its mapping confidence; follow-on techniques come from shared-actor co-occurrence.
Highlighted from CVE-2026-56383 · primary technique T1059.007
Reconnaissance
T1595.003 1.8x
Wordlist Scanning
Resource Dev
T1583.008 1.8x
Malvertising
Initial Access
T1456 1.8x
Drive-By Compromise
Execution
T1059.007 inferred
JavaScript
✓ detection content available
T1059.008 1.8x
Network Device CLI
Persistence
T1137.006 1.8x
Add-ins
✓ detection content available
T1137.001 1.8x
Office Template Macros
Priv Escalation
T1546.001 1.8x
Change Default File Association
✓ detection content available
T1546.011 1.8x
Application Shimming
✓ detection content available
Stealth
T1218.007 1.8x
Msiexec
✓ detection content available
T1027.011 1.8x
Fileless Storage
Defense Impairment
·
Credential Access
·
Discovery
T1426 1.8x
System Information Discovery
Lateral Movement
·
Collection
T1213.006 1.8x
Databases
T1417 1.8x
Input Capture
C2
T1437.001 1.8x
Web Protocols
T1437 1.8x
Application Layer Protocol
Exfiltration
·
Impact
·
Want your real detection gaps for this chain?
Declare your detection stack - your rules, telemetry, and techniques - and we will show exactly which of these techniques you cannot see. We do not grade you against a public rule corpus, only against what you actually run.
Direct - an ATT&CK/nuclei source names this CVE Inferred - derived via CWE/CAPEC (lower confidence, may be off) Likely follow-on (shared-actor co-occurrence) We hold public detection content Lift = how strongly a follow-on co-occurs with this CVE across shared threat actors (1x expected, 5x highly distinctive).
Hunt package
All 16 techniques in this view - Sigma rules, Atomic tests, and coverage in one place.
Sigma rules Full technique
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
About
threatengine.sh