VDB

GCVE-110-OSM-2026-2494

GCVE-110-OSM-2026-2494
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 15, 2026
Malicious package detected. Behaviors: code execution. Payload: tests/certs/mtls/client/client.csr Key findings: - Escaped Protocol Pattern in src/requests/utils.py: ""://"" - Decoded Base64 Content in tests/certs/mtls/client/client.csr - Decoded Base64 Content in tests/certs/mtls/client/client.csr - Decoded Base64 Content in tests/certs/mtls/client/client.csr - Shell Command Execution in src/requests/starter.py: "subprocess.run(" IOCs: - ipv6: 1::, fe80::, 1200:0000:ab00:1234:0000:2552:7777:1313 - urls: https://user:pass@proxy:8080`, https://nvd.nist.gov/vuln/detail/CVE-2023-32681, https://bugfuzz.com, http://`., http://www.apache.org/licenses/ (+45 more) - domains: bugfuzz.com, python-requests.org, www.apache.org, kennethreitz.org, static.pepy.tech (+43 more) - emails: me@kennethreitz.org, me@kennethreitz.com, pass@complex.url.com, pass%20pass@complex.url.com, pass%23pass@complex.url.com (+4 more) - payloadFileHash: 5fc31e8e331f1fdbf7f80c4840b4e70fa81f6dc46ecab811bb03134d21ab4004 Decoded/deobfuscated IOCs: - domains: trust.python.org, on.org

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowncpu-optimizersall (affected)

References

advisory
vendor

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›