VDB
GCVE-110-OSM-2026-133
GCVE-110-OSM-2026-133
Advisory PublishedCVSS 5.4/10
Bug bounty dependency confusion attempt. Package exfiltrates basic system information (hostname, IP, DNS) to security research infrastructure. Behaviors: data exfiltration, network activity.
Entrypoint: cscc_glass_house/__init__.py (module-import: 71)
Exfil: https://webhook.site/52335eaa-cdad-436b-a76e-08481a95bd0e (custom-c2, recovery: decoded in cscc_glass_house/__init__.py)
Payload: cscc_glass_house/__init__.py
Key findings:
- Decoded Base64 Content in cscc_glass_house/__init__.py
IOCs:
- urls: http://169.254.169.254/latest/api/token, http://169.254.169.254/latest/meta-data/, http://169.254.169.254/latest/meta-data/iam/security-credentials/, https://cloudsecuritychampionship.com/submit_flag, https://webhook.site/52335eaa-cdad-436b-a76e-08481a95bd0e
- domains: protonmail.com, cloudsecuritychampionship.com, webhook.site
- emails: alt3kx@protonmail.com
- payloadFileHash: af90f3e28f0f9f97b704b2b1725c99919c16e2663888bc9b59617382486eef2e
Decoded/deobfuscated IOCs:
- urls: https://webhook.site/52335eaa-cdad-436b-a76e-08481a95bd0e
- domains: webhook.site
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | darkig | all (affected), all (affected), all (affected), * (affected) | — |
| unknown | ighack | all (affected), all (affected), all (affected), * (affected) | — |
| unknown | cscc-glass-house | all (affected) | — |
| unknown | yelp-react-component-photo-upload | all (affected) | — |
| unknown | dgl-cu117 | all (affected), all (affected), * (affected), all (affected), all (affected), all (affected), * (affected) | — |
References
Malicious pypi package: darkig
advisory
Malicious pypi package: dgl-cu117
advisory
Malicious pypi package: ighack
advisory
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.