Indeed, good catch. I just updated the CISA to KEV BCP-07 script to add it:
We also update the BCP-07 document to reference those fields are optional meta fields as usually the CWEs are also described in the vulnerability information as well.
Thank you!