VDB
GCVE-110-OSM-2026-1587
GCVE-110-OSM-2026-1587
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: code execution.
Payload: src/sentinel/tools.py
Key findings:
- Dynamic Code Execution in src/sentinel/tools.py: "eval(variable)"
- Shell Command Execution in src/sentinel/tools.py: "os.system("
IOCs:
- ipv4: 193.168.8.0
- ipv6: fe80::
- urls: https://www.sqlite.org/datatype3.html, https://www.codementor.io/@simransinghal/working-with-json-data-in-python-165crbkiyk, https://mariadb.com/kb/en/mariadb-audit-plugin-log-format/, https://nmap.org/book/port-scanning.html
- domains: rink.us, www.sqlite.org, logging.INFO, logging.info, no.search.no (+6 more)
- emails: karl@rink.us
- payloadFileHash: bef39c03336b13bbd836322fae93439bea3cbaebaf1ec6ebbe33569a30ec53b6
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | sentinel-tool | all (affected) | — |
Aliases
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.