VDB

GCVE-110-OSM-2026-2270

GCVE-110-OSM-2026-2270
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published April 14, 2026
There are two indicators of compromise in this repo 1) Malicious VSCode tasks.json that is designed to fetch payloads from 260120[.]vercel[.]app 2) temp_auto_push.bat file IOCS PolinRider campaign. This repository IOCs pointing to repository infected by PolinRider campaign. The Tasks.json file payloads have been taken down by hosting provider at the time of this report.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›