VDB
GCVE-110-OSM-2026-2545
GCVE-110-OSM-2026-2545
Advisory PublishedCVSS 5.4/10
Dependency confusion brand impersonation package targeting Comcast's external API namespace, published by confirmed malicious actor realvivek07 (vivekkashyap0707@gmail.com). The same account published paysafe-venmo@99.99.2 and paysafe-apple-pay@99.99.2 — confirmed infostealer packages with postinstall hooks exfiltrating USERPROFILE and APPDATA environment variables via HTTPS — which were seized by the npm security team. The tarball has been deleted and is unrecoverable from all mirrors; 112 downloads occurred before removal.
**Mechanism:** Brand impersonation probe targeting Comcast's external API namespace. The package was minimal (237 bytes, 3 files) and manually published without git provenance. npm metadata confirms no install scripts are declared in this version. Tarball is unrecoverable from the npm registry and all caching mirrors, preventing payload confirmation.
**Actor context:** Publisher (vivekkashyap0707@gmail.com / realvivek07) is the same actor responsible for confirmed dependency confusion payloads against Paysafe (paysafe-venmo@99.99.2, paysafe-apple-pay@99.99.2, paysafe-google-pay@99.99.2). Those packages carried postinstall hooks collecting and exfiltrating USERPROFILE and APPDATA environment variables via HTTPS. The npm security team seized those packages and replaced them with 0.0.1-security tombstones. The actor targets multiple large organizations (Walmart, Comcast, Paysafe) in a coordinated campaign.
**Limitation:** Payload content cannot be confirmed for this specific package due to tarball deletion. Candidate is actor-attributed.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | comcast-api | 1.0.0 (affected) | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.