VDB
GCVE-110-OSM-2026-1414
GCVE-110-OSM-2026-1414
Advisory PublishedCVSS 8.8/10
Malicious VSCode tasks.json that executes on the device, if the repository is opened as Trusted workspace in Visual Studio code.
The payload URLs in the vscode tasks.json file shows resemblance to TasksJacker attacks reported by OSM. As it is known to use URL shortners to hide the attacker controlled hosting infrastructure. The malicious infrastructure is hosted on davhub88[.]vercel[.]app subdomain.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.