VDB

GCVE-110-OSM-2026-1454

GCVE-110-OSM-2026-1454
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 6, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity, obfuscated code. Payload: dist/ai/claude-executor.js Secondary files: dist/cli/export-command.js, dist/cli/export-commands.js Key findings: - Environment Variable Exfiltration in dist/ai/claude-executor.js: "process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS || '64000'; // Propagate proxy con..." - Download Execute Delete Pattern in dist/temporal/activity-api-fuzz.js: "spawn } from 'node:child_process'; import { randomUUID } from 'node:crypto'; imp..." - Sensitive File Access in knowledge/poc-templates/chains/chain-path-traversal-file-disclosure-001.yaml: ""/etc/passwd"" - Sensitive File Access in knowledge/poc-templates/file/file-deser-php-001.yaml: ""/etc/passwd"" - Sensitive File Access in knowledge/poc-templates/file/file-lfi-traversal-001.yaml: ""/etc/passwd"" IOCs: - ipv4: 1.2.1.1, 18.1.0.00, 100.100.100.200, 104.21.45.123 - ipv6: ec2::, 1:1::, 0:0::, 0000::, 1:: (+1 more) - urls: https://nulled.ai, https://docs.docker.com/get-docker/, https://your-app.com, http://host.docker.internal:3000, http://json-schema.org/draft-07/schema# (+45 more) - domains: cgr.dev, nikto.pl, docs.docker.com, your-app.com, json-schema.org (+45 more) - emails: more@nulled.ai, alaa@nulled.ai, target.com@evil.com, hacker@evil.com, user@a.com (+2 more) - ethereumAddresses: 0x76657273696f6e28292c64617461626173652829 - awsAccessKeys: AKIAIOSFODNN7EXAMPLE - payloadFileHash: 452deab9bd4234dd2309acefb2aaad0845a7ed85783fbd6f70bc3414e8bc9688

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@phenixstar/talonall (affected)

References

vendor

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›