VDB

GCVE-110-OSM-2026-2138

GCVE-110-OSM-2026-2138
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published April 13, 2026
PolinRider DPRK malware payload appended to config file (task-manager/vite.config.js, vue-task-management-system/vite.config.js) in developer's own repo. Confirmed signatures: rmcej%otb% and global['!']/_$_1e42 obfuscation builder. Connects to TRON blockchain C2 via trongrid.io. Victim's GitHub credentials likely compromised. === POLINRIDER PAYLOAD (Category A — victim developer repo) === Attack type: PolinRider config-file injection (DPRK) Victim repo: KelvinTechies/laravel-vue-task-management-system Infected file(s): task-manager/vite.config.js, vue-task-management-system/vite.config.js === SIGNATURES VERIFIED === Primary: ("rmcej%otb%",2857687) Secondary: global['!']='X-X-X';var _$_1e42= Builder variant key: wuqktamceigynzbosdctpusocrjhrflovnxrt === BEHAVIOR === Heavily obfuscated JS payload appended to legitimate config file. Calls require() and child_process from a config file (anomalous). Connects to TRON blockchain (trongrid.io) for C2 / payload retrieval. === CLASSIFICATION === Category A — developer machine compromised; payload pushed to own repo. Non-fork, no upstream PR vector observed in this hunt.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›