VDB

GCVE-110-OSM-2026-3780

GCVE-110-OSM-2026-3780
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 8, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code, install-time execution. [osmalyze-auto] Entrypoint: scripts/detach-run.cjs (install-hook: node ./scripts/detach-run.cjs) Exfil: 54.234.216.79 (custom-c2, recovery: deobfuscated in scripts/client.cjs) Payload: scripts/client.cjs Key findings: - Download Execute Delete Pattern in scripts/client.cjs: "spawn", })); return { ok: true, items }; } async function fsRemove(filePath..." - Stealth Background Process Spawning in scripts/detach-run.cjs: "spawn(process.execPath, [script], { detached: true, stdio: "ignore", cwd: root }" - IOCs Found in Deobfuscated Code in scripts/client.cjs - Clipboard Access in dist/index.cjs: "navigator.clipboard.writeText" - Clipboard Access in dist/index.js: "navigator.clipboard.writeText" IOCs: - ipv4: 54.234.216.79 - payloadFileHash: 4f43973e901940b03402c83c5b3edfad0501510414470b5e139c80b1c90ca542

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownreact-copy-liteall (affected)

References

vendor

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›