VDB

GCVE-110-OSM-2026-2750

GCVE-110-OSM-2026-2750
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 16, 2026
Malicious package detected. Behaviors: data exfiltration, code execution. Payload: pypi/sinan-captcha@0.1.73/src/materials/query_audit.py Secondary files: pypi/sinan-captcha@0.1.73/src/materials/background_style.py Key findings: - Shell Command Execution in pypi/sinan-captcha@0.1.73/src/auto_train/opencode_runtime.py: "subprocess.run(" - Shell Command Execution in pypi/sinan-captcha@0.1.73/src/auto_train/runners/dataset.py: "subprocess.run(" - Data Encoding for Exfiltration in pypi/sinan-captcha@0.1.73/src/materials/background_style.py: "base64.b64encode(" - Startup Persistence in pypi/sinan-captcha@0.1.73/src/materials/background_style.py: ".profile" - Data Encoding for Exfiltration in pypi/sinan-captcha@0.1.73/src/materials/group1_query_icons.py: "json.dumps(payload, sort_keys=True).encode" IOCs: - urls: https://api.pexels.com/v1/search, https://download.pytorch.org/whl/cpu, https://download.pytorch.org/whl/cu118, https://download.pytorch.org/whl/cu126, https://download.pytorch.org/whl/cu128 (+1 more) - domains: match.group, api.pexels.com, download.pytorch.org - payloadFileHash: 21f078631e48da299a64b190e2ef23815c1e7b45758316949d7842b3a130089f

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsinan-captchaall (affected)

References

vendor

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›