VDB

GCVE-110-OSM-2026-1161

GCVE-110-OSM-2026-1161
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published March 31, 2026
Malicious npm package published by account nrwise (nrwise@proton.me) as part of the axios supply chain compromise campaign. Part of the same C2 infrastructure (sfrclak.com) used in the compromised axios versions. Drops remote access trojan payloads. === PAYLOAD: RAT Dropper === C2 URL: http://sfrclak.com:8000/6202033 C2 IP: 142.11.206.73 Behavior: Contacts C2 server and delivers platform-specific second-stage RAT payloads: - macOS: /Library/Caches/com.apple.act.mond - Windows: %PROGRAMDATA%\wt.exe - Linux: /tmp/ld.py Published by npm account nrwise (nrwise@proton.me).

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownplain-crypto-js4.2.1 (affected)

References

vendor

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›