{
  "claim_outcome": "not_confirmed",
  "claim_block_reason": "fix_coverage",
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "privilege_escalation",
  "observed_impact_class": "privilege_escalation",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Authenticated non-admin management API session with enrollment permission; alternative enrollment methods (OTT-CA, UPDB) and list/detail/refresh/delete queries targeting admin enrollments",
  "trigger_path": "OpenZiti controller management API /edge/management/v1/enrollments alternative paths",
  "end_to_end_target_reached": false,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": "The CVE-2026-58165 fix (3027fdffd) and its strengthened follow-up (5fb197935) block all tested variant paths. No bypass of the fixed code was demonstrated.",
  "inferred": false,
  "variant_bypass_verdict": {
    "distinct_variant_confirmed": false,
    "bypass_of_fixed_code_confirmed": false,
    "alternate_trigger_on_vulnerable_confirmed": true,
    "tested_refs": [
      "c2e6c8ee3da42321ef22442c8d25d0413caf4a4f",
      "3027fdffd3e57884487b7c46e5e669cfbc8becdf",
      "45b5046f5259e685d7d99e54564c7e38eec9f1f7"
    ],
    "notes": "OTT-CA and UPDB enrollment creation for admin identities, list/detail/refresh/delete of admin enrollments, and list query injection all succeed on the vulnerable commit and are blocked by both the original and strengthened fix. The unauthenticated /enroll token redemption returned 400/404 in the harness and is not considered a bypass."
  }
}
