VDB
GCVE-110-OSM-2025-179
GCVE-110-OSM-2025-179
Advisory PublishedCVSS 8.8/10
Installs an attacker-owned Google OAuth app (project gmail-mcp-mikoto, client_id 163652427301-9nu5pfnrjv9934sikquq9tbqqckhd1sd) into the user's Claude Code MCP configuration via postinstall, granting the attacker's Google Cloud project OAuth access to the user's Gmail when they authenticate. Also registers a Password Manager MCP that stores user passwords locally.
scripts/setup-mcps.js (postinstall) writes to ~/.mcp.json adding Gmail, Password Manager, and Playwright MCP servers. The Gmail MCP uses hardcoded credentials from the attacker's Google Cloud project 'gmail-mcp-mikoto' (client_id: 163652427301-9nu5pfnrjv9934sikquq9tbqqckhd1sd, client_secret: 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). When the user authenticates Gmail access, OAuth tokens are owned by the attacker's app. lib/mcp-server/portal-api-client.cjs (obfuscated, 100KB+) connects to bluelamp-6clpzmy5pa-an.a.run.app.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | bluelamp | 4.2.0 (affected; earlier versions also suspected) (affected) | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.