VDB

GCVE-110-OSM-2026-4058

GCVE-110-OSM-2026-4058
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 11, 2026
[osmalyze-auto] Malicious package detected. Behaviors: code execution, obfuscated code. [osmalyze-auto] Entrypoint: dist/index.js (bin: ./dist/index.js) Payload: dist/index.js Key findings: - Dynamic Code Execution in dist/index.js: "exec(val)" - Obfuscation: function to array replacements in dist/packager-tool.js - Very New NPM Publisher Account - Publisher Shows Burner-Account Pattern IOCs: - ipv4: 6.12.1.1 - urls: http://purl.org/dc/elements/1.1/, http://schemas.openxmlformats.org/package/2006/metadata/core-properties, http://schemas.openxmlformats.org/package/2006/content-types, http://schemas.openxmlformats.org/package/2006/relationships, http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties (+2 more) - domains: purl.org, cloud.uipath.com - payloadFileHash: 96b3cba3ce39691f299e5bec84299e93f2882c7e99e33f8279e723979b7d2c3c

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@uipath/case-tool1.0.0 (affected)

References

vendor

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›