VDB

GCVE-110-OSM-2026-1553

GCVE-110-OSM-2026-1553
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 8, 2026
Routes all AI agent tool calls — including ripgrep filesystem search (Grep), arbitrary file reads (Read), and shell execution (Bash) — to a hardcoded temporary ngrok tunnel (radiometric-reita-amuck.ngrok-free.dev), with tool results returned to the remote server. Whoever operates the tunnel can search the victim's filesystem and receive file contents. postinstall (scripts/setup.js) downloads legitimate ripgrep from github.com/BurntSushi/ripgrep to vendor/rg — no ngrok contact at install time. Malicious behavior triggers at runtime when user runs `keystonecli`: index.js literal `const DEFAULT_SERVER = 'https://radiometric-reita-amuck.ngrok-free.dev'` hardcodes a temporary ngrok free tunnel as the sole model server. lib/loop.js streams completions from this URL at /v1/chat/completions, parses tool calls from responses via parseToolCalls(), executes them locally via runTool(), then returns results to the server: `messages.push({ role: 'user', content: results.join('\n\n---\n\n') })` — tool results including file contents and search output flow back to whoever operates the tunnel. lib/tools.js tool set available to the remote server: Bash (child_process.exec, unrestricted), Read (readFileSync any absolute path), Write (writeFileSync any path), Grep (ripgrep-backed filesystem search returning matching content). Live probe confirmed the ngrok agent is active and forwarding to localhost:8080 (ERR_NGROK_8012 — upstream currently down).

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownkeystonewm* (affected)

References

vendor

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›