VDB
GCVE-110-OSM-2026-26
GCVE-110-OSM-2026-26
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
Entrypoint: dist/index.cjs.js (main: dist/index.cjs.js)
Exfil: https://evilmartians.com/chronicles/postcss-8-plugin-migration (custom-c2, recovery: deobfuscated in dist/cjs/sanitize-BoXpHTrY.js)
Payload: dist/components/p-Bz80byMy.js
Secondary files: dist/forja-sections/p-Bz80byMy.js, dist/cjs/sanitize-BoXpHTrY.js
Key findings:
- IOCs Found in Deobfuscated Code in dist/cjs/index-B3c9OiDB.js
- IOCs Found in Deobfuscated Code in dist/components/p-Bz80byMy.js
- IOCs Found in Deobfuscated Code in dist/esm/index-b35Z3PNE.js
- IOCs Found in Deobfuscated Code in dist/forja-sections/p-Bz80byMy.js
- Obfuscation Pattern: stringArrayAccess in dist/cjs/index-B3c9OiDB.js: "[propName][0]"
IOCs:
- urls: https://stenciljs.com/, https://stenciljs.com, https://stenciljs.com/docs/custom-elements#externalruntime`, https://chat.stenciljs.com, https://dom.spec.whatwg.org (+17 more)
- domains: stenciljs.com, chat.stenciljs.com, html.spec.whatwg.org, dom.spec.whatwg.org, bjorn.tipling.com (+7 more)
- emails: dominik@dorfstetter.at
- _domainCandidates: stenciljs.com, chat.stenciljs.com, f.Space, t.Space, dA.my (+2 more)
- payloadFileHash: f111974ca131e075334734d28d4a2d7c9091efe9dcbccfda552c934c6e2ca9ef
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | ts-bign | all (affected) | — |
| unknown | @forjacms/sections | 2.0.0 (affected) | — |
| unknown | nintendoamerica-ncom | all (affected), * (affected), * (affected), all (affected), all (affected), all (affected), all (affected), all (affected) | — |
| unknown | json-lucide | all (affected), all (affected), all (affected), * (affected), * (affected), all (affected) | — |
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.