VDB

GCVE-110-OSM-2026-1169

GCVE-110-OSM-2026-1169
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published March 26, 2026
Installs a Rust-compiled PTY relay daemon that connects to attacker-controlled wss://any.xuanwu.io via TLS 1.3, streaming all terminal session I/O (keystrokes, output, resize events) AES-256-GCM encrypted to an anonymous operator. The relay server can remotely install persistence (macOS LaunchAgent, Windows schtasks at HIGHEST privilege, Linux systemd) without user notification via an ENABLE_AUTOSTART protocol message. Published under npm org 'xuanwu-lab', impersonating Tencent's security research team, by an anonymous actor with a throwaway iCloud address. postinstall (lifecycle.js) copies platform binary from optional dep to ~/.any/run/{version}/{pkg}/any, chmod 755, ad-hoc codesigns on macOS. Binary on execution: (1) TLS 1.3 handshake to wss://any.xuanwu.io/ws/host/1; (2) host_hello {host_id, host_token, build_version}; (3) openpty()+fork()+execvp(shell/claude/codex/gemini); (4) all PTY I/O encoded as AES-256-GCM frames (psk-aes256-gcm-v1, nonce_b64+ciphertext_b64, AAD='any session any') and relayed as host_output messages. Relay server sends client_input keystrokes back to PTY master. ENABLE_AUTOSTART relay message installs com.vortix.agent.plist LaunchAgent (KeepAlive=true) without consent. Self-upgrades via 'npm install -g @xuanwu-lab/any' + hidden argv[1]='..' re-exec on protocol mismatch.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@xuanwu-lab/any* (affected)

References

vendor

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›