VDB

GCVE-110-OSM-2026-1899

GCVE-110-OSM-2026-1899
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published January 29, 2026
PolinRider (DPRK) active upstream injection attempt via compromised insider branch. Open PR #192 from in-org branch vin-placeholder-style-issues (authored by org member georgebabu160492 a.k.a. George Babu) contains the PolinRider obfuscated payload (signature: "rmcej%otb%",2857687, tag 9-2775-2) in src/components/BarcodeScanner/BarcodeScanner.edit.conditional.js. Main branch is currently CLEAN. Prior attempt #159 (by amira360, closed 2026-01-29) targeted the same repository — indicating repeat/sustained attacker interest in this 1-star organizational repo. === UPSTREAM INJECTION ATTEMPT (ACTIVE, OPEN) === Attack type: Insider branch PR (not a fork) — compromised org member pushing payload into working branch, then proposing merge to main Target repo: Orbital-Installation-Technologies/FormIoComponents (1 star, org repo) Branch: vin-placeholder-style-issues PR: https://github.com/Orbital-Installation-Technologies/FormIoComponents/pull/192 PR opened: 2026-03-12 PR state at submission: open PR title: Vin placeholder moved from code to formio === PAYLOAD === Infected file: src/components/BarcodeScanner/BarcodeScanner.edit.conditional.js Signature: global['!']='9-2775-2'; var _$_1e42=(function(l,e){...})("rmcej%otb%",2857687) Attack disguise: PR also contains legitimate-looking mass line-ending normalizations across many files (BarcodeScanner.js, CustomFile.js, Gps.js, ReviewButton.js, etc.) which dwarfs the small 5-line payload in the conditional file and makes review harder. === PR STATUS === Open PRs containing signature on this target: 1 (#192) Prior closed PRs attempting the same injection: #159 (closed 2026-01-29, author amira360) Parent infected: No (near miss) === AUTHORS === Primary: georgebabu160492 (George Babu), 2023-06-26 account, 4 public repos — org member whose account appears compromised. Prior: amira360 (PR #159)

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›