VDB

GCVE-110-OSM-2026-1583

GCVE-110-OSM-2026-1583
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 8, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity. Payload: src/server.js Key findings: - Download and Execute in src/frontend/app.js: "curl -fsSL https://claude.ai/install.sh | bash" - System Information Exfiltration in src/server.js: "JSON.stringify({ anonId: anon.id, version: pkg.version, platfo..." - Filename Extraction from Response in src/server.js: "Content-Disposition': `attachment; filename=" - Shell Command Execution in bin/cli.js: "require('child_process')" - Platform Detection with Data Collection in src/cloud.js: "JSON.stringify({ salt: salt.toS" IOCs: - urls: https://claude.ai/install.sh, https://cli.kiro.dev/install, https://opencode.ai/install, https://cloud.neuraldeep.ru, http://host:port/v1 (+8 more) - domains: cli.kiro.dev, session.id, match.id, result.session.id, Terminal.app (+31 more) - payloadFileHash: c811c6e2293c01c1fa8fa20e01129b9afbde0ab7ee3f3c4e0a3529f302e0d29b

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowncodedash-app6.15.8 (affected)

References

vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›