As software systems grow in complexity, security vulnerabilities have become increasingly prevalent, posing serious risks and economic costs. Although automated detection tools such as fuzzers have advanced considerably, effective resolution still often depends on human expertise. Existing automated vulnerability repair (AVR) methods rely heavily on manually provided annotations (e.g., fault locations or CWE labels), which are often difficult and time-consuming to obtain, while overlooking the rich, naturally embedded semantic context found in issue reports from developers. In this paper, we present VulnResolver, the first LLM-based hybrid agent framework for automated vulnerability issue resolution. VulnResolver unites the adaptability of autonomous agents with the stability of workflow-guided repair through two specialized agents. The Context Pre-Collection Agent (CPCAgent) adaptively explores the repository to gather dependency and contextual information, while the Safety Property Analysis Agent (SPAAgent) generates and validates the safety properties violated by vulnerabilities. Together, these agents produce structured analyses that enrich the original issue reports, enabling more accurate vulnerability localization and patch generation. Evaluations on the SEC-bench benchmark show that VulnResolver resolves 75% of issues on SEC-bench Lite, achieving the best resolution performance. On SEC-bench Full, VulnResolver also significantly outperforms the strongest baseline, the agent-based OpenHands, confirming its effectiveness. Overall, VulnResolver delivers an adaptive and security-aware framework that advances end-to-end automated vulnerability issue resolution through workflow stability and the specialized agents' capabilities in contextual reasoning and property-based analysis.