VDB

GCVE-110-OSM-2026-191

GCVE-110-OSM-2026-191
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 11, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution. [osmalyze-auto] Exfil: http://ip-api.com/json/ (custom-c2, recovery: plaintext in runner_info/runner_info.py) Payload: runner_info/runner_info.py Key findings: - Sensitive File Access in runner_info/runner_info.py: ""/etc/passwd"" - Shell Command Execution in runner_info/runner_info.py: "subprocess.Popen(" - Silent Process Execution in runner_info/runner_info.py: "stdout=subprocess.DEVNULL" IOCs: - ipv4: 1.1.1.1 - urls: http://ip-api.com/json/ - domains: ip-api.com - payloadFileHash: 270195d58972675cd02bcfb08793f7701bdc17abd2535ca4db136675ff5e1292

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowncdf-clients* (affected), all (affected), all (affected), * (affected)
unknownhashtools32all (affected), all (affected), all (affected), all (affected)
unknownrunner-infoall (affected)
unknowncomposer-dev* (affected)
unknownisb* (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected)

References

advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor
vendor

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›