VDB

GCVE-110-OSM-2026-311

GCVE-110-OSM-2026-311
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 7, 2026
Malicious Go module part of North Korea's Contagious Interview campaign. Impersonates the official golang.org GitHub organization. Contains malicious CheckForUpdates function in parser.go that downloads and executes staged RAT payload for credential theft and data exfiltration. === PAYLOAD: Staged Loader === Malicious payload found in: parser.go (CheckForUpdates function) Behavior: Downloads and executes staged RAT payload Impersonates golang.org official organization C2 domains: logkit.onrender.com, logkit-tau.vercel.app Threat actor GitHub: github.com/golangorg

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknowntucyzirille-studio.angular-pro-tools-extensionall (affected)
unknowngithub.com/golangorg/formstashall (affected)
unknownvce-brendan-studio-eich.js-debuger-vscodeall (affected), all (affected), * (affected), all (affected), all (affected), all (affected), all (affected), * (affected)
unknownTessa.Coreall (affected)
unknowntreedotree.tree-do-todoextensionall (affected), * (affected), all (affected), all (affected), all (affected), * (affected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›