VDB

GCVE-110-OSM-2026-2540

GCVE-110-OSM-2026-2540
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 16, 2026
Malicious package detected. Payload: pypi/aquiles-image@0.6.1/aquilesimage/templates/index.html Secondary files: pypi/aquiles-image@0.6.1/aquilesimage/runtime/worker_manager.py Key findings: - Clipboard Access in pypi/aquiles-image@0.6.1/aquilesimage/templates/index.html: "navigator.clipboard.writeText" IOCs: - urls: http://www.apache.org/licenses/, http://www.apache.org/licenses/LICENSE-2.0, https://fastapi.tiangolo.com, https://aquiles-ai.github.io/aquiles-image-docs/, https://deepwiki.com/Aquiles-ai/Aquiles-Image (+10 more) - domains: www.apache.org, res.cloudinary.com, fastapi.tiangolo.com, static.pepy.tech, aquiles-ai.github.io (+23 more) - payloadFileHash: 1685f5b7f4c8e9376ced583f1231f8d1be63624651e75a7fa75dc08d8ec2fd14

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownaquiles-imageall (affected)

References

vendor

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›