VDB

GCVE-110-OSM-2026-3617

GCVE-110-OSM-2026-3617
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published April 25, 2026
GitHub repository used to host second-stage VSIX payloads and native binaries fetched at runtime by GlassWorm-linked Open VSX extensions. Part of the GlassWorm distribution infrastructure documented by Socket Research on 2026-04-25. GitHub repository hosting GlassWorm second-stage payloads. Referenced by obfuscated runtime loaders embedded in malicious Open VSX extensions, which fetch .vsix files from this repo for execution. Related SHA256 hashes (downloaded VSIX / installer binaries): - 1b62b7c2ed7cc296ce821f977ef7b22bae59ef1dcdb9a34ae19467ee39bcf168 - 4ebfe8f66ca7e9751060b3301b5e8838d6017593cdae748541de83bfa28183bd - 97c275e3406ad6576529f41604ad138c5bdc4297d195bf61b049e14f6b30adfd

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›