VDB

GCVE-110-OSM-2026-2486

GCVE-110-OSM-2026-2486
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published April 15, 2026
Suspicious package detected. Behaviors: data exfiltration. Payload: pypi/databricks-feature-lookup@1.13.0/databricks/feature_store/lookup_engine/async_refill_engine.py Secondary files: pypi/databricks-feature-lookup@1.13.0/databricks/feature_store/lookup_engine/lookup_legacy_brickstore_http_engine.py IOCs: - urls: https://bit.ly/3BGBBFF., https://docs.google.com/document/d/1x_V9GshlnoAAFFCuDsXWdJVtop9MG2HWTUo5IK_1mEw, https://docs.google.com/document/d/1cG7PDWHld-WwD2UWp7v80KJT7lXOvvO0wNyKuZG2VQ8/edit#heading=h.24cgj83368tv, https://docs.google.com/document/d/1CvdYWUDqEsv69YVv1S9Co2vx-akEaki3v_H3Q2ZMDmo/edit#bookmark=id.qdunvvvuke0e, https://src.dev.databricks.com/databricks/runtime@78d071a6bb90371c937490f81f50f969ca020450/-/blob/sql/catalyst/src/main/scala/org/apache/spark/sql/util/ArrowUtils.scala?L39:3 (+2 more) - domains: logging.INFO, entities.cloud, bit.ly, prometheus.io, ml.dev (+6 more) - payloadFileHash: da8780885deebc3840ce051962e153784d28f1080f6c7afcb791b8a233a49926

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknowndatabricks-feature-lookupall (affected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›