VDB

GCVE-110-OSM-2026-3437

GCVE-110-OSM-2026-3437
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 29, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, install-time execution. Payload: .bash_history Secondary files: apple-clean/package.json Key findings: - OAST/Interactsh Exfiltration in .bash_history: "webhook.site" - OAST/Interactsh Exfiltration in apple-clean/apple-supply-chain-poc/package.json: "webhook.site" - OAST/Interactsh Exfiltration in apple-clean/package.json: "webhook.site" - OAST/Interactsh Exfiltration in apple-final-poc/package.json: "webhook.site" - OAST/Interactsh Exfiltration in index.js: "webhook.site" IOCs: - ipv4: 1.2.0.0 - ipv6: a::, d::, 4::, A:: - urls: http://169.254.169.254/latest/meta-data/iam/security-credentials/, https://franki.requestcatcher.com/apple-full-harvest;, https://franki.requestcatcher.com/test-koneksi, https://webhook.site/d9f34800-21dd-4668-8773-1f3c7ea8b1be;, https://webhook.site/d9f34800-21dd-4668-8773-1f3c7ea8b1be (+46 more) - domains: franki.requestcatcher.com, registry.npmmirror.com, pip.pypa.io, badges.gitter.im, gitter.im (+38 more) - emails: js@jamesls.com, gustavo@niemeyer.net, tomi.pievilainen@iki.fi, me@jarondl.net, paul@ganssle.io (+6 more) - bitcoinAddresses: 3ddbdf4f3a9c1a45e75789998266f759 - awsAccessKeys: AKIAIWAZLKZYOJLZERHQ - webhookServices: https://webhook.site/d9f34800-21dd-4668-8773-1f3c7ea8b1be;, https://webhook.site/d9f34800-21dd-4668-8773-1f3c7ea8b1be, https://webhook.site/${webID}?info=${data}&status=pwned`);, https://webhook.site/162f1419-988b-4611-9d44-c0df27e0d579, https://webhook.site/bebcbad8-da0e-43e1-af8d-9d069ca3bd42 (+3 more) - binaryHashes: 265e8cf44352b0f8c2b5b7d74c07682ae452fab79f19e6142f48dd32f59feaf7 - payloadFileHash: 0ef19454dad9462a9c38b2bebac1a244a5c6ec108cf5e91c7fbb02a90942af19

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownapple-security-internal-scanner-v3all (affected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›