VDB
GCVE-110-OSM-2026-2504
GCVE-110-OSM-2026-2504
Advisory PublishedCVSS 8.8/10
Forwards caller-supplied API credentials (STARK_VISION_API_KEY, GEMINI_API_KEY) into df-vision@1.1.76 — a 2 MB RC4-obfuscated webpack bundle — on every invocation; both packages are published by atddevs@gmail.com, the confirmed-malicious actor behind farm-runner (OSM-confirmed) and farm-orchestrator (HIGH). appclaw exactly pins df-vision to the actively-revised 1.1.76 bundle, routing user credentials into opaque attacker-controlled code from which no plaintext C2 endpoint is extractable.
**Trigger**: at require-time, appclaw imports df-vision and instantiates StarkVisionClient using caller-supplied credentials. **Credential forwarding** (`dist/flow/vision-execute.js`): `import starkVision from 'df-vision'` — appclaw reads `STARK_VISION_API_KEY` and `GEMINI_API_KEY` from the caller's environment and passes them as constructor arguments to `StarkVisionClient`. The receiving code is entirely inside df-vision@1.1.76's `dist/bundle.js` (SHA256: `a6c61340db5bc481da956e7d6abf102a3dd967b3929d6480ea35e78aaa692fcf`), a 2,053,901-byte RC4-obfuscated webpack bundle. **Version pin**: df-vision was bumped from 1.1.75 to exactly 1.1.76 in appclaw@0.1.6 and the same exact pin retained in 0.1.7, tracking active payload revisions by the same actor. appclaw's own code contains no install hooks, no obfuscation, and no network calls to attacker infrastructure — the malicious layer executes entirely within the pinned df-vision dependency.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | appclaw | 0.1.7 (affected) | — |
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.