VDB
GCVE-110-OSM-2026-1583
GCVE-110-OSM-2026-1583
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, network activity.
Payload: src/server.js
Key findings:
- Download and Execute in src/frontend/app.js: "curl -fsSL https://claude.ai/install.sh | bash"
- System Information Exfiltration in src/server.js: "JSON.stringify({
anonId: anon.id,
version: pkg.version,
platfo..."
- Filename Extraction from Response in src/server.js: "Content-Disposition': `attachment; filename="
- Shell Command Execution in bin/cli.js: "require('child_process')"
- Platform Detection with Data Collection in src/cloud.js: "JSON.stringify({ salt: salt.toS"
IOCs:
- urls: https://claude.ai/install.sh, https://cli.kiro.dev/install, https://opencode.ai/install, https://cloud.neuraldeep.ru, http://host:port/v1 (+8 more)
- domains: cli.kiro.dev, session.id, match.id, result.session.id, Terminal.app (+31 more)
- payloadFileHash: c811c6e2293c01c1fa8fa20e01129b9afbde0ab7ee3f3c4e0a3529f302e0d29b
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | codedash-app | 6.15.8 (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.