VDB

GCVE-110-OSM-2026-129

GCVE-110-OSM-2026-129
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 5, 2026
Malicious package detected. Behaviors: data exfiltration, code execution. Entrypoint: src/get_subscribe/main.py (console-script: get-subscribe=get_subscribe.main:main) Exfil: https://www.cfmem.com/feeds/posts/default?alt=rss (custom-c2, recovery: plaintext in src/get_subscribe/fetcher.py) Payload: src/get_subscribe/client_launcher.py Secondary files: src/get_subscribe/fetcher.py Key findings: - Cron Job Persistence in PKG-INFO: "crontab -" - Shell Command Execution in src/get_subscribe/client_launcher.py: "subprocess.Popen(" - Silent Process Execution in src/get_subscribe/client_launcher.py: "stdout=subprocess.DEVNULL" - Shell Command Variable Setup in src/get_subscribe/client_launcher.py: "Windows Start menu protocol subprocess.run(["cmd", "/c", "st..." - Shell Command Execution in src/get_subscribe/client_manager.py: "subprocess.run(" IOCs: - urls: https://git.io/emzclash, https://git.io/emzv2ray, https://www.cfmem.com/feeds/posts/default?alt=rss, https://v2rayse.com/fs/public/...txt - domains: git.io, cnr.cn - payloadFileHash: 5e49566f9ae04222c0c69f43ad4b0a0e97134545b1b45f61152201b16cf3731c

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowndo-not-install-this-package-004* (affected), * (affected), all (affected), all (affected), all (affected), all (affected), all (affected)
unknowncollectersall (affected), all (affected), all (affected), all (affected)
unknownget-subscribe1.0.31 (affected)
unknownpino-pretty-logall (affected)
unknownfastapi-middleware-cors* (affected), all (affected), * (affected), * (affected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›