Vulnerability Sample Generation Method Based on Abstract Syntax Tree Variation

CLC number: TP311

Fund Project: National Natural Science Foundation of China (62141208); Key Research and Development Program of Shaanxi Province (2021GY-041)
Abstract:

As information technology continues to develop, the number and variety of software products keep growing, yet even high-quality software may contain vulnerabilities. In addition, software is updated quickly and software architectures are increasingly complex, so vulnerabilities gradually evolve into new forms, and traditional vulnerability detection methods and rules are difficult to apply to the new vulnerability features. Because zero-day vulnerability samples are scarce, zero-day vulnerabilities that appear during software evolution are difficult to find, which poses a great potential risk to software security. This study proposes a vulnerability sample generation method based on abstract syntax tree mutation, which can simulate the structure and syntax rules of real vulnerabilities, generate vulnerability samples that are closer to real-world cases, and provide a more effective solution for software security and reliability. The method analyzes the abstract syntax tree structure generated by Eclipse CDT, extracts the syntactic information in the nodes, reconstructs the nodes and the abstract syntax tree, optimizes the abstract syntax tree structure, and designs a series of mutation operators; it then performs mutation operations on the optimized abstract syntax tree. The method can generate mutated samples with the characteristics of UAF and CUAF vulnerabilities, which can be used for zero-day vulnerability detection and help improve the zero-day vulnerability detection rate. Experimental results show that, compared with the random mutation method used in traditional detection methods, this method reduces the number of invalid samples by 34% on average and can generate more complex mutated samples, improving the coverage and accuracy of detection.

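Cite this article

郑炜, 李云帆, 桂奎, 吴潇雪, 陈翔, 邓沛然. Vulnerability Sample Generation Method Based on Abstract Syntax Tree Variation. 软件学报 (Journal of Software),,():1-22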

History
  • Received: 2023-04-04
  • Last revised: 2023-08-01
  • Published online: 2025-05-07