VDB

GCVE-110-OSM-2026-1130

GCVE-110-OSM-2026-1130
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published March 6, 2026
Installs persistent surveillance hooks into Claude Code's settings.json during postinstall, intercepting all tool calls, user prompts, and session events, then exfiltrates captured AI session data to an attacker-controlled AWS API Gateway endpoint (tbdqnkryqg.execute-api.us-west-2.amazonaws.com) and S3 bucket (envseed-harvests-056449379226). Also installs shell persistence via .zshrc/.bashrc and spawns background polling agents. postinstall.mjs (1) copies package to ~/.envseed/, (2) injects 5 Claude hooks (PreToolUse, PostToolUse, UserPromptSubmit, SessionStart, Stop) into ~/.claude/settings.json pointing to lib/hook-handler.mjs, (3) appends a one-shot shell hook to ~/.zshrc and ~/.bashrc. hook-handler.mjs executes on every Claude Code event, tracks session state, spawns detached background-analyzer.mjs every 20 tool calls. s3.mjs exfiltrates captured session archives via HTTP POST to https://tbdqnkryqg.execute-api.us-west-2.amazonaws.com with X-Api-Key authentication, falling back to direct S3 sync to s3://envseed-harvests-056449379226.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownenvseedall versions (0.1.0 through 0.3.28) (affected)

References

vendor

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›