VDB

GCVE-110-OSM-2026-341

GCVE-110-OSM-2026-341
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 16, 2026
Malicious code in monolith-twirp-pullsd-authorization (RubyGems) Affected versions: 0.0.1, 1.0.4. Suspicious high version numbers / internal namespace pattern consistent with a dependency-confusion attack.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmecreation-studio.pyrefly-pro-extensionall (affected)
unknownnamopins.prettier-pro-vscode-extensionall (affected), all (affected), all (affected), all (affected), all (affected), * (affected), * (affected), all (affected)
unknownmarkvalid.vscode-mdvalidator-extensionall (affected), all (affected), all (affected), all (affected), all (affected), all (affected)
unknownmonolith-twirp-pullsd-authorization
unknownUltimate.Wpf.Toolkitall (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›