VDB
GCVE-110-OSM-2026-3780
GCVE-110-OSM-2026-3780
Advisory PublishedCVSS 9.6/10
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code, install-time execution.
[osmalyze-auto] Entrypoint: scripts/detach-run.cjs (install-hook: node ./scripts/detach-run.cjs)
Exfil: 54.234.216.79 (custom-c2, recovery: deobfuscated in scripts/client.cjs)
Payload: scripts/client.cjs
Key findings:
- Download Execute Delete Pattern in scripts/client.cjs: "spawn",
}));
return { ok: true, items };
}
async function fsRemove(filePath..."
- Stealth Background Process Spawning in scripts/detach-run.cjs: "spawn(process.execPath, [script], { detached: true, stdio: "ignore", cwd: root }"
- IOCs Found in Deobfuscated Code in scripts/client.cjs
- Clipboard Access in dist/index.cjs: "navigator.clipboard.writeText"
- Clipboard Access in dist/index.js: "navigator.clipboard.writeText"
IOCs:
- ipv4: 54.234.216.79
- payloadFileHash: 4f43973e901940b03402c83c5b3edfad0501510414470b5e139c80b1c90ca542
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | react-copy-lite | all (affected) | — |
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.