VDB

GCVE-110-OSM-2026-1007

GCVE-110-OSM-2026-1007
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published March 16, 2026
Malicious OpenVSX extension part of GlassWorm Wave 5 campaign. Uses invisible Unicode obfuscation, transitive dependency abuse via extensionPack/extensionDependencies fields, and staged JavaScript execution with RC4 encryption. Includes locale gating targeting Russian-speaking users. C2 resolution via Solana blockchain memos. Technique: Invisible Unicode obfuscation + transitive dependency abuse Behavior: Staged JavaScript execution, in-memory payload, RC4 encryption Locale gating: Russian language targeting C2 IPs: 45.32.150.251, 45.32.151.157, 70.34.242.255 Solana wallet: 6YGcuyFRJKZtcaYCCFba9fScNUvPkGXodXE1mJiSzqDJ

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownbhbpbarn.vsce-python-indent-extensionall (affected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›