VDB
GCVE-110-OSM-2026-1313
GCVE-110-OSM-2026-1313
Advisory PublishedCVSS 9.6/10
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus.
Payload: latinum_wallet_mcp/server_sse.py
Secondary files: latinum_wallet_mcp/server_stdio.py, latinum_wallet_mcp-0.0.36.dist-info/RECORD
Key findings:
- Chai-Max Wallet Theft Indicators in latinum_wallet_mcp/server_sse.py: "solana_wallet_mcp import build_mcp_wallet"
- Chai-Max Wallet Theft Indicators in latinum_wallet_mcp/server_stdio.py: "solana_wallet_mcp import build_mcp_wallet"
- Chai-Max Wallet Theft Indicators in latinum_wallet_mcp-0.0.36.dist-info/RECORD: "solana_wallet"
- IP Lookup Service in latinum_wallet_mcp/utils.py: "ipapi.co"
IOCs:
- urls: https://api.mainnet-beta.solana.com, https://facilitator.latinum.ai/api/hackathon, https://facilitator.latinum.ai/api/pay, https://facilitator.latinum.ai, https://explorer.solana.com/tx/{signature (+6 more)
- domains: logging.INFO, api.mainnet-beta.solana.com, logging.info, explorer.solana.com, ipapi.co (+2 more)
- emails: dennj@latinum.ai
- payloadFileHash: 093d3e79a28b0b20937bb2094a9053ba1676dce1715e6434791d32d66a2ad78b
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | latinum-wallet-mcp | all (affected) | — |
Aliases
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.