INCIDENT
CodeQL - QLCoder tool that synthesizes CodeQL queries to find
QLCoder tool that synthesizes CodeQL queries to find CVE patterns by extracting AST from patches and refining the query using CodeQL language server and MCP database.
Updated: 3/26/2026
high Severity
Status: active
Description
2/ QLCoder takes a CVE pattern and synthesizes an end-to-end CodeQL dataflow query to find it. We extract the CVE patch's AST to generate a query template, then a coding agent refines it using the CodeQL language server and a RAG database of docs via MCP.
Impact
QLCoder tool that synthesizes CodeQL queries to find CVE patterns by extracting AST from patches and refining the query using CodeQL language server and MCP database.
Attack Vectors
- CVE analysis
- CodeQL query generation
- CodeQL language server