VDB
GCVE-110-OSM-2026-3383
GCVE-110-OSM-2026-3383
Advisory PublishedCVSS 5.4/10
This package exhibits suspicious behaviours and needs further analysis
Payload: plugins/web_application_scanner/modules/databases/web_scanner_databases.py
Secondary files: core/executor/stealth_executor.py, plugins/lolbins_scanner/modules/databases/lolbins_databases.py
Key findings:
- Sensitive File Access in core/capabilities/runtime_capabilities.py: ""/etc/shadow""
- Sensitive File Access in core/executor/stealth_executor.py: "'~/.bash_history'"
- Sensitive File Access in plugins/activedirectory_hunter/modules/enumeration/user_enumerator.py: "'/etc/passwd'"
- Remote Code Execution in plugins/database_security_assessment/modules/services/scanner_service.py: "exec(", "EXECUTE", "SHELL",
"system(", "os.system", "subprocess",
..."
- Sensitive File Access in plugins/docker_escape/modules/databases/escape_databases.py: ""/etc/shadow""
IOCs:
- ipv4: 2.5.29.37, 1.3.6.1, 5.5.7.3, 5.2.3.4, 198.51.100.10 (+45 more)
- ipv6: 2001:db8::, 2400:cb00::, 2606:4700::, 2803:f800::, 2a06:98c0:: (+10 more)
- urls: https://docs.mindfabric.com, http://backend:8088`, http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip, http://169.254.169.254/latest/meta-data/public-ipv4, https://hooks\.slack\.com/services/T[A-Z0-9 (+45 more)
- domains: mindfabric.com, core.ws, libc.so, self.ws, contoso.com (+24 more)
- emails: info@mindfabric.ai, support@mindfabric.com, johndoe@contoso.local, john.doe@contoso.com, admin@domain.com (+43 more)
- bitcoinAddresses: 11111111111111111111111111111111
- awsAccessKeys: AKIA1234567890ABCDEF, AKIAXXXXXXXXXXXXXXXX, AKIAIOSFODNN7EXAMPLE
- oastEndpoints: http://spoofed.burpcollaborator.net
- sha256Hashes: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, 0000000000000000000000000000000000000000000000000000000000000000, FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
- ips: 10.0.0.1
- payloadFileHash: 0624c9890c4f5fef5fdc887649da04f91edb7ec77c7bb2e43e4c3c2ee576cac0
Decoded/deobfuscated IOCs:
- ips: 10.0.0.1
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | mindfabric-agent | 1.1.351 (affected) | — |
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.