VDB
GCVE-110-OSM-2026-1899
GCVE-110-OSM-2026-1899
Advisory PublishedCVSS 8.8/10
PolinRider (DPRK) active upstream injection attempt via compromised insider branch. Open PR #192 from in-org branch vin-placeholder-style-issues (authored by org member georgebabu160492 a.k.a. George Babu) contains the PolinRider obfuscated payload (signature: "rmcej%otb%",2857687, tag 9-2775-2) in src/components/BarcodeScanner/BarcodeScanner.edit.conditional.js. Main branch is currently CLEAN. Prior attempt #159 (by amira360, closed 2026-01-29) targeted the same repository — indicating repeat/sustained attacker interest in this 1-star organizational repo.
=== UPSTREAM INJECTION ATTEMPT (ACTIVE, OPEN) ===
Attack type: Insider branch PR (not a fork) — compromised org member pushing payload into working branch, then proposing merge to main
Target repo: Orbital-Installation-Technologies/FormIoComponents (1 star, org repo)
Branch: vin-placeholder-style-issues
PR: https://github.com/Orbital-Installation-Technologies/FormIoComponents/pull/192
PR opened: 2026-03-12
PR state at submission: open
PR title: Vin placeholder moved from code to formio
=== PAYLOAD ===
Infected file: src/components/BarcodeScanner/BarcodeScanner.edit.conditional.js
Signature: global['!']='9-2775-2'; var _$_1e42=(function(l,e){...})("rmcej%otb%",2857687)
Attack disguise: PR also contains legitimate-looking mass line-ending normalizations across many files (BarcodeScanner.js, CustomFile.js, Gps.js, ReviewButton.js, etc.) which dwarfs the small 5-line payload in the conditional file and makes review harder.
=== PR STATUS ===
Open PRs containing signature on this target: 1 (#192)
Prior closed PRs attempting the same injection: #159 (closed 2026-01-29, author amira360)
Parent infected: No (near miss)
=== AUTHORS ===
Primary: georgebabu160492 (George Babu), 2023-06-26 account, 4 public repos — org member whose account appears compromised.
Prior: amira360 (PR #159)
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.