VDB
GCVE-110-OSM-2026-3036
GCVE-110-OSM-2026-3036
Advisory PublishedCVSS 5.4/10
Bug bounty dependency confusion attempt. Package exfiltrates basic system information (hostname, IP, DNS) to security research infrastructure. Behaviors: data exfiltration, code execution, obfuscated code.
Payload: tests/scripts/data/commits__version_4_0_1.json
Key findings:
- Shell Command Execution in pypdf/filters.py: "subprocess.run("
- Data Encoding for Exfiltration in pypdf/generic/_base.py: "binascii.hexlify("
IOCs:
- ipv4: 7.4.4.2, 7.7.3.3, 7.7.3.2, 12.7.4.3, 7.3.4.2 (+1 more)
- ipv6: 2::
- urls: http://docs.pdfsharp.net, http://www.adobe.com/, https://download.macromedia.com/pub/developer/opentype/tech-notes/Core14_AFMs.zip, https://www.unicode.org/Public/MAPPINGS/VENDORS/ADOBE/symbol.txt, https://www.unicode.org/Public/MAPPINGS/VENDORS/ADOBE/zdingbat.txt (+33 more)
- domains: mac-guyver.com, mathieu.fenniak.net, martin-thoma.de, canarytokens.com, docs.pdfsharp.net (+22 more)
- emails: switham_github@mac-guyver.com, biziqe@mathieu.fenniak.net, info@martin-thoma.de
- binaryHashes: af010636c5a7b4d87c8af9572e474783502402f32654d25bf347e5d56155f7a4
- payloadFileHash: 54a5ab23e91b03e0ae5dd0922793fa1377dc073622f51ed71b61b4e48223ce64
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | pypdf-fork | * (affected) | — |
Aliases
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.