VDB
GCVE-110-OSM-2026-3035
GCVE-110-OSM-2026-3035
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, network activity.
Payload: ghostterminal/__init__.py
Key findings:
- Download Execute Delete Pattern in ghostterminal/__init__.py: "execution timed out'
}
try:
os.unlin..."
- Shell Command Execution in ghostterminal/__init__.py: "subprocess.Popen("
- Data Encoding for Exfiltration in ghostterminal/__init__.py: "base64.b64encode("
- Clipboard Access in ghostterminal/__init__.py: "pyperclip.paste()"
- Shell Command Variable Setup in ghostterminal/__init__.py: "Windows":
full_cmd = f"powersh"
IOCs:
- ipv4: 64.49.11.161
- urls: http://64.49.11.161:8000
- domains: self.ws
- payloadFileHash: 610d980723ce4ddaaac2aec1ae7182281b5226ae2dc45e60dc74c51be8832b9e
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | process-support | all (affected) | — |
Aliases
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.