VDB

GCVE-110-OSM-2026-3430

GCVE-110-OSM-2026-3430
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 29, 2026
APT malware detected: chai-max. Associated with threat actor(s): DPRK/Lazarus. Behaviors: data exfiltration, code execution, network activity. Payload: optional-skills/blockchain/solana/scripts/solana_client.py Secondary files: agent/anthropic_adapter.py, bwm_cli/web_server.py Key findings: - Sensitive File Access in agent/file_safety.py: ""/etc/passwd"" - Chai-Max Wallet Theft Indicators in optional-skills/blockchain/solana/scripts/solana_client.py: "solana_client.py wallet" - Environment Variable Exfiltration in optional-skills/health/fitness-nutrition/scripts/nutrition_search.py: "os.environ.get("USDA_API_KEY", "DEMO_KEY") BASE = "https://api.nal.usda.gov/fdc..." - Remote Code Execution in skills/red-teaming/godmode/scripts/auto_jailbreak.py: "exec(open(os.path.expanduser( os.path.join(os.environ.get(" - Remote Code Execution in skills/red-teaming/godmode/scripts/godmode_race.py: "exec(open(os.path.join(os.environ.get(" IOCs: - ipv4: 100.77.243.5, 100.64.0.0, 149.154.160.0, 149.154.167.220, 192.0.2.1 (+3 more) - ipv6: 1::, c10d::, 2401:db00:eef0:1100:3560:0:1c05:25d, a::, fd00:ec2:: - urls: https://bookwormpro.local/docs/, https://bookwormpro.local, https://openrouter.ai, https://build.nvidia.com, https://platform.xiaomimimo.com (+45 more) - domains: platform.xiaomimimo.com, www.minimax.io, huggingface.co, agentskills.io, astral.sh (+39 more) - emails: application@q.qq.com, tier@openrouter.ai, 15551234567@s.whatsapp.net, 60123456789@s.whatsapp.net, 47@s.whatsapp.net (+15 more) - ethereumAddresses: 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045, 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913, 0x4200000000000000000000000000000000000006, 0x833589fcd6edb6e08f4c7c32d4f71b54bda02913, 0x2ae3f1ec7f1f5012cfeab0185bfc7aa3cf0dec22 (+8 more) - tunnelServices: https://random-words.trycloudflare.com - payloadFileHash: 5c8768ea48675e149be70ab1b78d53d8e5ac564337cc377094f33ae57f318f5c

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownbookwormpro* (affected)

References

vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›