VDB

GCVE-110-OSM-2026-26

GCVE-110-OSM-2026-26
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 7, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code. Entrypoint: dist/index.cjs.js (main: dist/index.cjs.js) Exfil: https://evilmartians.com/chronicles/postcss-8-plugin-migration (custom-c2, recovery: deobfuscated in dist/cjs/sanitize-BoXpHTrY.js) Payload: dist/components/p-Bz80byMy.js Secondary files: dist/forja-sections/p-Bz80byMy.js, dist/cjs/sanitize-BoXpHTrY.js Key findings: - IOCs Found in Deobfuscated Code in dist/cjs/index-B3c9OiDB.js - IOCs Found in Deobfuscated Code in dist/components/p-Bz80byMy.js - IOCs Found in Deobfuscated Code in dist/esm/index-b35Z3PNE.js - IOCs Found in Deobfuscated Code in dist/forja-sections/p-Bz80byMy.js - Obfuscation Pattern: stringArrayAccess in dist/cjs/index-B3c9OiDB.js: "[propName][0]" IOCs: - urls: https://stenciljs.com/, https://stenciljs.com, https://stenciljs.com/docs/custom-elements#externalruntime`, https://chat.stenciljs.com, https://dom.spec.whatwg.org (+17 more) - domains: stenciljs.com, chat.stenciljs.com, html.spec.whatwg.org, dom.spec.whatwg.org, bjorn.tipling.com (+7 more) - emails: dominik@dorfstetter.at - _domainCandidates: stenciljs.com, chat.stenciljs.com, f.Space, t.Space, dA.my (+2 more) - payloadFileHash: f111974ca131e075334734d28d4a2d7c9091efe9dcbccfda552c934c6e2ca9ef

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownts-bignall (affected)
unknown@forjacms/sections2.0.0 (affected)
unknownnintendoamerica-ncomall (affected), * (affected), * (affected), all (affected), all (affected), all (affected), all (affected), all (affected)
unknownjson-lucideall (affected), all (affected), all (affected), * (affected), * (affected), all (affected)

References

advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›