VDB

GCVE-110-OSM-2026-3694

GCVE-110-OSM-2026-3694
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 7, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, network activity. [osmalyze-auto] Entrypoint: index.js (main: index.js) Exfil: http://169.254.169.254/latest/meta-data/ (custom-c2, recovery: plaintext in index.js) Payload: index.js Key findings: - Sensitive File Access in index.js: "'~/.aws/credentials'" - OAST/Interactsh Exfiltration in index.js: "oastify.com" - Publisher Has Other Malicious Packages - Shell Command Execution in index.js: "require('child_process')" - Brand New Package IOCs: - urls: http://169.254.169.254/latest/meta-data/, http://169.254.169.254/latest/meta-data/iam/security-credentials/ - domains: kubernetes.io - webhookServices: https://webhook.site/1fa2ba5b-e98c-4c76-ab52-482c6690c983 - payloadFileHash: 95fe6535e4f86361eac4b48fd0d365f5bf695a67cce2ed3598cd7586460a87be

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmrdaa-frontendall (affected)

References

advisory
vendor

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›