Search papers, labs, and topics across Lattice.
This paper introduces KeaRepair, an innovative agentic approach to Automated Vulnerability Repair (AVR) that leverages multi-dimensional vulnerability knowledge and verified program facts to enhance patch generation. By employing a tool-augmented agent for ReAct-style reasoning, KeaRepair effectively diagnoses vulnerabilities and iteratively refines patches through a closed-loop validation process. Experimental results reveal that KeaRepair surpasses existing AVR methods, achieving an impressive 83.64% repair rate on C/C++ vulnerabilities and addressing unique cases that previous models could not fix.
KeaRepair not only achieves an 83.64% repair rate on C/C++ vulnerabilities but also tackles unique cases that existing methods fail to address.
Frontier foundation models have changed the math on vulnerability discovery, but the bigger challenge is how the remediation side keeps up. Despite recent progresses in Automated Vulnerability Repair (AVR), current solutions struggle to reliably identify the root causes of vulnerabilities, and insufficiently utilize the prior fix knowledge to guide the patch generation process, thus undermining their effectiveness in practice. To address this gap, we propose KeaRepair, a novel agentic AVR approach that grounds patch generation in verified program facts and high-level vulnerability knowledge. Specifically, KeaRepair first extracts multi-dimensional vulnerability knowledge from historical vulnerability-patch pairs from dual complementary views, and constructs dedicated retrieval knowledge bases. It then employs a tool-augmented agent that performs ReAct-style reasoning to collect verified program facts for vulnerability diagnosis. Finally, based on the diagnostic results, KeaRepair performs knowledge-level retrieval-augmented patch generation and iteratively refines patches through a closed-loop validation process involving compilation, PoC replay, and test-suite execution. Experimental results show that KeaRepair significantly outperforms existing AVR approaches on 55 reproducible C/C++ vulnerabilities. When paired with Gemini-3.1-Pro, KeaRepair successfully repairs 46 vulnerabilities, achieving a repair rate of 83.64%. Moreover, KeaRepair fixes six unique vulnerabilities that none of the baselines can address, and further demonstrates strong cross-language generalizability.