VDB
GCVE-110-OSM-2026-1454
GCVE-110-OSM-2026-1454
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, network activity, obfuscated code.
Payload: dist/ai/claude-executor.js
Secondary files: dist/cli/export-command.js, dist/cli/export-commands.js
Key findings:
- Environment Variable Exfiltration in dist/ai/claude-executor.js: "process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS || '64000';
// Propagate proxy con..."
- Download Execute Delete Pattern in dist/temporal/activity-api-fuzz.js: "spawn } from 'node:child_process';
import { randomUUID } from 'node:crypto';
imp..."
- Sensitive File Access in knowledge/poc-templates/chains/chain-path-traversal-file-disclosure-001.yaml: ""/etc/passwd""
- Sensitive File Access in knowledge/poc-templates/file/file-deser-php-001.yaml: ""/etc/passwd""
- Sensitive File Access in knowledge/poc-templates/file/file-lfi-traversal-001.yaml: ""/etc/passwd""
IOCs:
- ipv4: 1.2.1.1, 18.1.0.00, 100.100.100.200, 104.21.45.123
- ipv6: ec2::, 1:1::, 0:0::, 0000::, 1:: (+1 more)
- urls: https://nulled.ai, https://docs.docker.com/get-docker/, https://your-app.com, http://host.docker.internal:3000, http://json-schema.org/draft-07/schema# (+45 more)
- domains: cgr.dev, nikto.pl, docs.docker.com, your-app.com, json-schema.org (+45 more)
- emails: more@nulled.ai, alaa@nulled.ai, target.com@evil.com, hacker@evil.com, user@a.com (+2 more)
- ethereumAddresses: 0x76657273696f6e28292c64617461626173652829
- awsAccessKeys: AKIAIOSFODNN7EXAMPLE
- payloadFileHash: 452deab9bd4234dd2309acefb2aaad0845a7ed85783fbd6f70bc3414e8bc9688
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | @phenixstar/talon | all (affected) | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.