VDB
GCVE-110-OSM-2026-3466
GCVE-110-OSM-2026-3466
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
Payload: assets/vendor.1192ef24.js
Key findings:
- Corporate Environment Targeting in assets/index.66d50abe.js: "tMonitor))try{const t=Ot(),a=await async function(e=[]){const t=Jt(e,(()=>[])).f..."
- Corporate Environment Targeting in assets/vendor.1192ef24.js: "tModifiers:[yv,Pv,gv,Yf,Vv,Av,zv,fv,Bv]});const Uv=(e,t,l={})=>{const n={name:"u..."
- Reconstructed Obfuscated URL in assets/vendor.1192ef24.js: "https://vuejs.org/error-reference/#runtime-(?:/|$)1"
- Shell Command Execution in assets/index.66d50abe.js: "child_process").exec"
- Data Encoding for Exfiltration in assets/index.66d50abe.js: "encodeURIComponent(n),r=encodeURIComponent(i),o=Number(se.steamId||0)||null,s=[{..."
IOCs:
- ipv6: 1:2:3:4:5:6:7::, 1:2:3:4:5:6:7:8, 1:2:3:4:5:6::, 1:2:3:4:5::, 1:2:3:4:: (+3 more)
- urls: https://element-plus.org/en-US/component/checkbox.html, https://element-plus.org/en-US/component/radio.html, https://element-plus.org/zh-CN/component/pagination.html, https://vuejs.org/error-reference/#runtime-(?:/|$)1
- domains: cdn.cloudflare.steamstatic.com, www.pcgamingwiki.com, www.bing.com, www.baidu.com, steamui.com (+9 more)
- payloadFileHash: fc7f2da59381dfc75840e78886ac3a831e988035dbaa878375d955bc4927f0e8
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | mayfly-game-save | all (affected) | — |
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.