VDB
GCVE-110-OSM-2026-3617
GCVE-110-OSM-2026-3617
Advisory PublishedCVSS 9.6/10
GitHub repository used to host second-stage VSIX payloads and native binaries fetched at runtime by GlassWorm-linked Open VSX extensions. Part of the GlassWorm distribution infrastructure documented by Socket Research on 2026-04-25.
GitHub repository hosting GlassWorm second-stage payloads.
Referenced by obfuscated runtime loaders embedded in malicious Open VSX
extensions, which fetch .vsix files from this repo for execution.
Related SHA256 hashes (downloaded VSIX / installer binaries):
- 1b62b7c2ed7cc296ce821f977ef7b22bae59ef1dcdb9a34ae19467ee39bcf168
- 4ebfe8f66ca7e9751060b3301b5e8838d6017593cdae748541de83bfa28183bd
- 97c275e3406ad6576529f41604ad138c5bdc4297d195bf61b049e14f6b30adfd
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.