VDB
GCVE-110-OSM-2026-1318
GCVE-110-OSM-2026-1318
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: code execution, obfuscated code.
Payload: eth_account/account.py
Key findings:
- Base64 Decoded Eval in eth_account/account.py: "exec(base64.b64decode"
- Python Exec with Encoded Content in eth_account/account.py: "exec(base64.b64decode"
- Cryptocurrency Wallet Theft in eth_account/account.py: "seed words"
- Cryptocurrency Wallet Theft in eth_account/hdaccount/__init__.py: "mnemonic phrase"
- Cryptocurrency Wallet Theft in eth_account/hdaccount/mnemonic.py: "mnemonic phrase"
IOCs:
- urls: https://eips.ethereum.org/EIPS/eip-191, https://eips.ethereum.org/EIPS/eip-712, https://eips.ethereum.org/EIPS/eip-7702, http://www.pydocstyle.org/en/3.0.0/error_codes.html, https://en.bitcoin.it/wiki/BIP_0032_TestVectors (+5 more)
- domains: ethereum.org, MANIFEST.in, eips.ethereum.org, www.pydocstyle.org, en.bitcoin.it (+8 more)
- emails: snakecharmers@ethereum.org
- ethereumAddresses: 0x5ce9454909639D2D17A3F753ce7d93fa0b9aB12E, 0x9AdA5dAD14d925f4df1378409731a9B71Bc8569d, 0x61Cc15522D06983Ac7aADe23f9d5433d38e78195, 0x1240460F6E370f28079E5F9B52f9DcB759F051b7, 0xd30dC9f996539826C646Eb48bb45F6ee1D1474af (+45 more)
- sha256Hashes: cb636716a9fd46adbb31832d964df2082536edd5399a3393327dc89b0193a2be, 4f626ec5e7fea391b2229348a65bfef532c2a4e8372c0a6a814505a350a7689d, c85ef7d79691fe79573b1a7064c19c1a9819ebdbd1faaab1a8ec92344438aaf4, c87f65ff3f271bf5dc8643484f66b200109caffe4bf98c4cb393dc35740b28c0, fad9c8855b740a0b7ed4c221dbad0f33a83a49cad6b3fe8d5817ac83d38b6a19 (+45 more)
- telegramBots: api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s
- payloadFileHash: a23a7748f1ca9c41aa62d93d5b8533e75b6c6b09ec94a9649ac2c693512a4d7d
Decoded/deobfuscated IOCs:
- urls: https://api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s/sendMessage
- domains: api.telegram.org
- telegramBots: api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | eht-account | all (affected) | — |
Aliases
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.