VDB
GCVE-110-OSM-2026-1319
GCVE-110-OSM-2026-1319
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: code execution, obfuscated code.
Payload: eth_account/account.py
Key findings:
- Base64 Decoded Eval in eth_account/account.py: "exec(base64.b64decode"
- Python Exec with Encoded Content in eth_account/account.py: "exec(base64.b64decode"
- Cryptocurrency Wallet Theft in eth_account/account.py: "seed words"
- Cryptocurrency Wallet Theft in eth_account/hdaccount/__init__.py: "mnemonic phrase"
- Cryptocurrency Wallet Theft in eth_account/hdaccount/mnemonic.py: "mnemonic phrase"
IOCs:
- urls: https://eips.ethereum.org/EIPS/eip-191, https://eips.ethereum.org/EIPS/eip-712, https://eips.ethereum.org/EIPS/eip-7702, http://www.pydocstyle.org/en/3.0.0/error_codes.html, https://en.bitcoin.it/wiki/BIP_0032_TestVectors (+5 more)
- domains: ethereum.org, eips.ethereum.org, MANIFEST.in, www.pydocstyle.org, gopkg.in (+10 more)
- emails: snakecharmers@ethereum.org
- ethereumAddresses: 0x5ce9454909639D2D17A3F753ce7d93fa0b9aB12E, 0x9AdA5dAD14d925f4df1378409731a9B71Bc8569d, 0x61Cc15522D06983Ac7aADe23f9d5433d38e78195, 0x1240460F6E370f28079E5F9B52f9DcB759F051b7, 0xd30dC9f996539826C646Eb48bb45F6ee1D1474af (+45 more)
- sha256Hashes: cb636716a9fd46adbb31832d964df2082536edd5399a3393327dc89b0193a2be, 4f626ec5e7fea391b2229348a65bfef532c2a4e8372c0a6a814505a350a7689d, 4646464646464646464646464646464646464646464646464646464646464646, c85ef7d79691fe79573b1a7064c19c1a9819ebdbd1faaab1a8ec92344438aaf4, c87f65ff3f271bf5dc8643484f66b200109caffe4bf98c4cb393dc35740b28c0 (+45 more)
- telegramBots: api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s
- payloadFileHash: 6e787ab4a3c48939fa13077c7918d7b1a2dd2a95f0c7434621218d3e6858c29e
Decoded/deobfuscated IOCs:
- urls: https://api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s/sendMessage
- domains: api.telegram.org
- telegramBots: api.telegram.org/bot8314712768:AAEtOvqHBnagDn1ukdMmkL7IzEYG91ljc2s
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | ether-account | all (affected) | — |
Aliases
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.