1/27/26 release branch (#3829)

* #3828 Update FAQs page

* #3827 Add 1 new CNA + Update 2 CNA's info

* cveListSearch: make all CVE ID only searches consistent by quoting the ID

---------

Co-authored-by: Roy Lane <rlane@mitre.org>

Author: rroberge

src/assets/data/CNAsList.json

@@ -12314,21 +12314,21 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "ENISA",
+        "organizationName": "EU Agency for Cybersecurity (ENISA)"
       },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
+      "type": [
+        "Vendor"
       ],
       "TLR": {
         "shortName": "mitre",
         "organizationName": "MITRE Corporation"
       },
-      "type": [
-        "Vendor"
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
       ]
     },
     "country": "Germany"
@@ -26831,7 +26831,7 @@
     "shortName": "AxxonSoft",
     "cnaID": "CNA-2025-0045",
     "organizationName": "AxxonSoft Limited",
-    "scope": "AxxonSoft products and solutions, GRUNDIG security products, and C-WERK software solutions.",
+    "scope": "AxxonSoft products and solutions, Abetechs GmbH products and solutions (GRUNDIG security products, and C-WERK software solutions).",
     "contact": [
       {
         "email": [
@@ -28076,7 +28076,7 @@
   },
   {
     "shortName": "Nintendo",
-    "cnaID": "CNA-2026-0004",
+    "cnaID": "CNA-2026-0005",
     "organizationName": "Nintendo Co., Ltd.",
     "scope": "System vulnerabilities regarding the Nintendo Switch 2, Nintendo Switch, Nintendo Switch Lite, and vulnerabilities regarding Nintendo Switch 2 and Nintendo Switch applications for which Nintendo is the publisher worldwide.",
     "contact": [
@@ -28129,5 +28129,65 @@
       ]
     },
     "country": "Japan"
+  },
+  {
+    "shortName": "TCL_Smart_Terminal",
+    "cnaID": "CNA-2026-0006",
+    "organizationName": "TCL Electronics Holdings Limited",
+    "scope": "TCL smart TV, smart pad, and mobile phone devices only. Projects listed on <a href='https://github.com/TclSecLab/CNA/blob/main/README_EN.md' target='_blank'>https://github.com/TclSecLab/CNA/blob/main/README_EN.md</a>.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@tcl.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://github.com/TclSecLab/CNA/blob/main/TSRC%20Disclosure%20Policy.md"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories 1",
+          "url": "https://src.tcl.com/en/noticeList"
+        },
+        {
+          "label": "Advisories 2",
+          "url": "https://github.com/TclSecLab/CNA"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "China"
   }
 ]

src/assets/data/faqs.json

@@ -74,7 +74,7 @@
 				"questionId": "who_owns_cve",
 				"questionText": "Who owns CVE",
 				"questionResponseParagraphs": [
-					"Copyright © 1999-2025, <a href='http://www.mitre.org/'>The MITRE Corporation</a>. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation. CVE is sponsored by <a href='https://www.dhs.gov/' target='_blank'>U.S. Department of Homeland Security</a> (DHS) <a href='https://www.cisa.gov/about/divisions-offices/cybersecurity-division'>Cybersecurity and Infrastructure Security Agency</a> (CISA). CISA funds the <a href='https://www.dhs.gov/science-and-technology/hssedi'>Homeland Security Systems Engineering and Development Institute (HSSEDI)</a>, a DHS Federally Funded Research and Development Center (FFRDC) operated by The MITRE Corporation, to operate the CVE Program in cooperation with industry, government, and academic stakeholders under a public/private partnership."
+					"Copyright © 1999-2026, <a href='http://www.mitre.org/'>The MITRE Corporation</a>. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation. CVE is sponsored by <a href='https://www.dhs.gov/' target='_blank'>U.S. Department of Homeland Security</a> (DHS) <a href='https://www.cisa.gov/about/divisions-offices/cybersecurity-division'>Cybersecurity and Infrastructure Security Agency</a> (CISA). CISA funds the <a href='https://www.dhs.gov/science-and-technology/hssedi'>Homeland Security Systems Engineering and Development Institute (HSSEDI)</a>, a DHS Federally Funded Research and Development Center (FFRDC) operated by The MITRE Corporation, to operate the CVE Program in cooperation with industry, government, and academic stakeholders under a public/private partnership."
 				]
 			},
 			{

src/assets/data/metrics.json

@@ -1172,7 +1172,7 @@
       "data": [
         {
           "month": "January",
-          "value": "5"
+          "value": "6"
         },
         {
           "month": "February",

src/assets/data/news.json

@@ -1,5 +1,26 @@
 {
   "currentNews": [
+    {
+      "id": 623,
+      "newsType": "news",
+      "title": "TCL Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "TCL Added as CNA",
+      "date": "2026-01-27",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/TCL_Smart_Terminal'>TCL Electronics Holdings Limited</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for TCL smart TV, smart pad, and mobile phone devices only. Projects listed on <a href='https://github.com/TclSecLab/CNA/blob/main/README_EN.md' target='_blank'>https://github.com/TclSecLab/CNA/blob/main/README_EN.md</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>490 CNAs</a> (487 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>41 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. TCL is the 24th CNA from China."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "TCL’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE TL-Root</a>."
+        }
+      ]
+    },
     {
       "id": 622,
       "newsType": "news",
@@ -126,7 +147,7 @@
       "id": 616,
       "displayOnHomepageOrder": 1,
       "newsType": "blog",
-      "title": "CVE Program to Normalize Formatting of Date/Time Fields Across Historical CVE Records Beginning in February 2026",
+      "title": "CVE Program to Normalize Formatting of Date/Time Fields Across Historical CVE Records Beginning in Mid-February 2026",
       "urlKeywords": "Historic CVE Record Date Time Fields Normalized",
       "date": "2026-01-06",
       "author": {
@@ -141,7 +162,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "The <a href='/'>CVE&trade; Program</a> is planning to begin normalizing the formatting of date/time fields across historical <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> in February 2026 (see the “Timeline” section below). This update will align older records with the standardized format already used for all new and updated records since February 2025:"
+          "content": "The <a href='/'>CVE&trade; Program</a> is planning to begin normalizing the formatting of date/time fields across historical <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> in mid-February 2026 (see the “Timeline” section below). This update will align older records with the standardized format already used for all new and updated records since February 2025:"
         },
         {
           "contentnewsType": "paragraph",

src/stores/cveListSearch.js

@@ -3,6 +3,18 @@ import { useErrorMessageStore } from './cveRecord';
 import { useGenericGlobalsStore } from './genericGlobals';
 import axios from 'axios';
 
+// Users may search for a CVE ID by either specifying it with or without quotes.
+// The regular expresssion object defined here will detect if a string is solely
+// a CVE ID (quotes optional).  It's used to extract the CVE ID. This helps to
+// yield consistent results independent of whether the user has enclosed the CVE
+// ID in quotes.
+
+const cveIdRegex = '(?<cveid>CVE-\\d{4}-\\d{4,7})';
+
+const searchCveIdRegex = `^"?${cveIdRegex}"?\$`;
+
+const searchCveIdRe = RegExp(searchCveIdRegex, 'i');
+
 export const useCveListSearchStore = defineStore('cveListSearch ', {
   state: () => {
     return {
@@ -66,30 +78,46 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
     }
   },
   actions: {
+    cveIdSearchTerm() {
+
+        // This method returns true if the search query is a CVE ID, optionally
+        // surrounded by quotes.  If this is the case, the CVE ID is extracted,
+        // normalized, and the query set to the quoted CVE ID.  By enclosing
+        // the CVE ID in quotes, the search won't break it up into its parts
+        // which is certainly not what the user expects.  This will make the
+        // search quicker and provide better results for CVE ID only searches.
+
+        const cveIdMatch = searchCveIdRe.exec(this.query);
+        if (cveIdMatch) {
+          this.cveId = cveIdMatch.groups.cveid.toUpperCase();
+          this.query = `"${this.cveId}"`;
+        }
+
+        return cveIdMatch !== null;
+    },
     decrement(field) {
       this[field] -= 1;
     },
-    isCveIdPattern() {
-      return new RegExp(/^CVE-\d{4}-\d{4,7}$/, 'i').test(this.query);
-    },
     resetResults() {
       this.searchResults = [];
       this.totalSearchResultCount = 0;
     },
     async search() {
       this.isSearching = true;
-      try{
+
+      const isCveIdSearch = this.cveIdSearchTerm();
+
+      try {
 
         // * query search service
         this.totalExecutingRequests = 1;
+
         await this.getSearchResults();
 
-        if (this.isCveIdPattern()) {
+        if (isCveIdSearch) {
 
           // The user's query is one CVE ID.
 
-          this.cveId = this.query.toUpperCase();
-
           if (this.searchResults.length === 1
               && this.searchResults[0].cveId === this.cveId) {
 
@@ -116,7 +144,7 @@ export const useCveListSearchStore = defineStore('cveListSearch ', {
         }
       } catch (error) {
         // if record is not found, find potential reserved/rejected ID
-        if (this.isCveIdPattern() && Object.keys(this.recordData).length === 0) {
+        if (isCveIdSearch && Object.keys(this.recordData).length === 0) {
           await this.getIdData();
         } else
           throw new Error(`search() >> error with getSearchResults(), getRecordData(): ${error}`);