Table of Contents
Fetching ...

VulnResolver: A Hybrid Agent Framework for LLM-Based Automated Vulnerability Issue Resolution

Mingming Zhang, Xu Wang, Jian Zhang, Xiangxin Meng, Jiayi Zhang, Chunming Hu

TL;DR

Vulnerability issue resolution remains challenging due to reliance on human expertise and limited context in automated tools. VulnResolver addresses this by integrating a deterministic, workflow-driven repair backbone with two specialized agents—CPCAgent for adaptive context collection and SPAAgent for safety-property reasoning—producing enhanced issue reports that improve vulnerability localization and patch generation. Empirical results on SEC-bench Lite and Full demonstrate state-of-the-art performance, with a $75\%$ resolution rate on Lite and $67.5\%$ on Full, alongside substantial ablation gains confirming the value of both agents and two-stage enhancement. The framework advances end-to-end automated vulnerability repair by combining stable workflows with intelligent, security-aware reasoning, offering practical improvements for automatically mitigating real-world vulnerabilities.

Abstract

As software systems grow in complexity, security vulnerabilities have become increasingly prevalent, posing serious risks and economic costs. Although automated detection tools such as fuzzers have advanced considerably, effective resolution still often depends on human expertise. Existing automated vulnerability repair (AVR) methods rely heavily on manually provided annotations (e.g., fault locations or CWE labels), which are often difficult and time-consuming to obtain, while overlooking the rich, naturally embedded semantic context found in issue reports from developers. In this paper, we present VulnResolver, the first LLM-based hybrid agent framework for automated vulnerability issue resolution. VulnResolver unites the adaptability of autonomous agents with the stability of workflow-guided repair through two specialized agents. The Context Pre-Collection Agent (CPCAgent) adaptively explores the repository to gather dependency and contextual information, while the Safety Property Analysis Agent (SPAAgent) generates and validates the safety properties violated by vulnerabilities. Together, these agents produce structured analyses that enrich the original issue reports, enabling more accurate vulnerability localization and patch generation. Evaluations on the SEC-bench benchmark show that VulnResolver resolves 75% of issues on SEC-bench Lite, achieving the best resolution performance. On SEC-bench Full, VulnResolver also significantly outperforms the strongest baseline, the agent-based OpenHands, confirming its effectiveness. Overall, VulnResolver delivers an adaptive and security-aware framework that advances end-to-end automated vulnerability issue resolution through workflow stability and the specialized agents' capabilities in contextual reasoning and property-based analysis.

VulnResolver: A Hybrid Agent Framework for LLM-Based Automated Vulnerability Issue Resolution

TL;DR

Vulnerability issue resolution remains challenging due to reliance on human expertise and limited context in automated tools. VulnResolver addresses this by integrating a deterministic, workflow-driven repair backbone with two specialized agents—CPCAgent for adaptive context collection and SPAAgent for safety-property reasoning—producing enhanced issue reports that improve vulnerability localization and patch generation. Empirical results on SEC-bench Lite and Full demonstrate state-of-the-art performance, with a resolution rate on Lite and on Full, alongside substantial ablation gains confirming the value of both agents and two-stage enhancement. The framework advances end-to-end automated vulnerability repair by combining stable workflows with intelligent, security-aware reasoning, offering practical improvements for automatically mitigating real-world vulnerabilities.

Abstract

As software systems grow in complexity, security vulnerabilities have become increasingly prevalent, posing serious risks and economic costs. Although automated detection tools such as fuzzers have advanced considerably, effective resolution still often depends on human expertise. Existing automated vulnerability repair (AVR) methods rely heavily on manually provided annotations (e.g., fault locations or CWE labels), which are often difficult and time-consuming to obtain, while overlooking the rich, naturally embedded semantic context found in issue reports from developers. In this paper, we present VulnResolver, the first LLM-based hybrid agent framework for automated vulnerability issue resolution. VulnResolver unites the adaptability of autonomous agents with the stability of workflow-guided repair through two specialized agents. The Context Pre-Collection Agent (CPCAgent) adaptively explores the repository to gather dependency and contextual information, while the Safety Property Analysis Agent (SPAAgent) generates and validates the safety properties violated by vulnerabilities. Together, these agents produce structured analyses that enrich the original issue reports, enabling more accurate vulnerability localization and patch generation. Evaluations on the SEC-bench benchmark show that VulnResolver resolves 75% of issues on SEC-bench Lite, achieving the best resolution performance. On SEC-bench Full, VulnResolver also significantly outperforms the strongest baseline, the agent-based OpenHands, confirming its effectiveness. Overall, VulnResolver delivers an adaptive and security-aware framework that advances end-to-end automated vulnerability issue resolution through workflow stability and the specialized agents' capabilities in contextual reasoning and property-based analysis.
Paper Structure (38 sections, 4 figures, 8 tables)

This paper contains 38 sections, 4 figures, 8 tables.

Figures (4)

  • Figure 1: An Overview of VulnResolver. Our approach integrates agents into a workflow. Two LLM-based agents are introduced, each achieving its objective with support from 82 toolkits. 83 CPCAgent, with Code Search Toolkit and Code Symbol Analysis Toolkit, adaptively collects context to generate the I. Context Analysis Report. 84 SPAAgent, supported by five toolkits, generates safety properties through assertion insertion, which are dynamically validated and iteratively refined, resulting in the II. Property Analysis Report. These reports, combined with the original issue report, form an enhanced issue report that drives our 85 workflow. The LLM-based workflow resolves issues through vulnerability localization, patch generation, and patch selection.
  • Figure 2: An Example Input to the resolve_code_symbol
  • Figure 3: Performance vs. Average Cost for Different Patch Space Sizes
  • Figure 4: Tool Usage Statistics of ${\text{VulnResolver\xspace}}_\text{full}$