{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "POST /api/auditPublishing/getAll and adjacent candidate paths (GET /get/{bundleId}, body-shape variations, content-type variations, auth-bypass headers) against vulnerable dotCMS 26.04.28-02 and fixed dotCMS 26.04.28-03",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": ["postgres", "opensearch", "dotcms"],
  "proof_artifacts": [
    "logs/vuln_variant_reproduction_steps.log",
    "logs/vuln_variant_results.json",
    "logs/fixed_variant_results.json",
    "logs/vuln_variant_analysis.json",
    "vuln_variant/reproduction_steps.sh",
    "vuln_variant/patch_analysis.md",
    "vuln_variant/rca_report.md"
  ],
  "notes": "Negative variant result: no bypass or distinct alternate entry point confirmed on the fixed build."
}
