VDB

GCVE-110-OSM-2026-3035

GCVE-110-OSM-2026-3035
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 23, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity. Payload: ghostterminal/__init__.py Key findings: - Download Execute Delete Pattern in ghostterminal/__init__.py: "execution timed out' } try: os.unlin..." - Shell Command Execution in ghostterminal/__init__.py: "subprocess.Popen(" - Data Encoding for Exfiltration in ghostterminal/__init__.py: "base64.b64encode(" - Clipboard Access in ghostterminal/__init__.py: "pyperclip.paste()" - Shell Command Variable Setup in ghostterminal/__init__.py: "Windows": full_cmd = f"powersh" IOCs: - ipv4: 64.49.11.161 - urls: http://64.49.11.161:8000 - domains: self.ws - payloadFileHash: 610d980723ce4ddaaac2aec1ae7182281b5226ae2dc45e60dc74c51be8832b9e

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownprocess-supportall (affected)

References

advisory
vendor

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›