VDB
GCVE-110-OSM-2026-158
GCVE-110-OSM-2026-158
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration.
Entrypoint: setup.py (install-hook: install/develop/build override present)
Payload: setup.py
Key findings:
- Environment Variable Exfiltration in setup.py: "os.environ.get("EDISON_QUERY", "test")
url = "https://edison-k8.vercel.a..."
- Python File Upload to Remote in setup.py: "urllib.request.Request(
url,
data="
- Data Encoding for Exfiltration in setup.py: "json.dumps({"query": query}).encode"
- setup.py Code Execution in setup.py: "cmdclass={**wheel_cmd, "install""
- Setup.py Command Override in setup.py: "cmdclass={**wheel_cmd, "install""
IOCs:
- payloadFileHash: 387a7e5df10d7ba988bcc014b3c6e770bbf9e2a1ad85c16207ca1ff1cf7724bf
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | milla-migration | all (affected) | — |
| unknown | py-sysbench | all (affected), all (affected), all (affected), all (affected) | — |
| unknown | demozecosse | all (affected), all (affected), all (affected), all (affected), * (affected), all (affected), * (affected) | — |
| unknown | chat-xdk | * (affected), all (affected), all (affected), all (affected) | — |
| unknown | edison-tools | all (affected) | — |
References
Malicious pypi package: chat-xdk
advisory
Malicious pypi package: demozecosse
advisory
Malicious pypi package: py-sysbench
advisory
Malicious pypi package: edison-tools
advisory
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.