Parallel Implementation Gap

A capability is implemented by two or more parallel modules (per adapter, per runtime, per deployment target). The canonical module imports a security check from a shared utility and enforces it; a divergent module, written separately for a different environment, never imports it. Both expose the same client-facing contract; one is gated, the other is not. The CVE names the divergent module.