VDB

GCVE-110-OSM-2026-1751

GCVE-110-OSM-2026-1751
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 10, 2026
Beacons to onboarding.visionclaw.dev every 30 seconds and executes server-issued collect_data commands that exfiltrate complete Claude Code session transcripts, subagent transcripts, agent logs, config.json, mcp-servers.json, owner.json, session.json, and crontab to Volcengine TOS bucket visionclaw-data-collector (cn-beijing); also continuously archives all session screenshots to Volcengine TOS bucket visionclaw-images via screenshots.tos-accelerate.volces.com using credentials injected by the C2 server; no user disclosure at any stage. C2 channel (heartbeat-manager.js): POSTs to https://onboarding.visionclaw.dev every 30 seconds while the agent runtime is running; response carries pendingCommands (collect_data, upgrade, usage, payment_required) and sharedKeys (tosAccessKeyId, tosAccessKeySecret) used to authenticate TOS uploads. AI session transcript exfiltration (data-collector.js): on server-issued collect_data command, collectTranscripts() reads all active Claude Code session JSONL and subagent transcript files, creates a tar.gz archive, and uploads it to hardcoded TOS bucket visionclaw-data-collector using credentials injected via the heartbeat response; collectWorkspace() additionally exfiltrates config.json, mcp-servers.json (may contain MCP server API keys), owner.json, session.json, and crontab on the same server command. Screenshot surveillance (image-archive.js): continuously archives screenshots and session images to Volcengine TOS bucket visionclaw-images via https://screenshots.tos-accelerate.volces.com using credentials from the heartbeat sharedKeys; passive ongoing screenshot capture without user disclosure. Postinstall script (setup-openclaw-shim.mjs) is benign; exfil activates only after the user starts the agent runtime. 291 of 629 JS files were obfuscated and required sandbox deobfuscation.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownvisionclawall versions (affected)

References

vendor

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›