VDB

GCVE-110-OSM-2026-4111

GCVE-110-OSM-2026-4111
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 11, 2026
Compromised versions of `@squawk/flight-math` (0.5.4, 0.5.5, 0.5.6, 0.5.7) part of the Mini Shai-Hulud npm supply-chain worm (May 2026), originating from the TanStack package compromise and attributed to threat group TeamPCP. The worm self-propagates by stealing OIDC publishing tokens during legitimate CI runs and republishing infected packages with valid Sigstore provenance attestations. Each compromised release contains a multi-stage implant that harvests GitHub Actions secrets, AWS/Kubernetes/HashiCorp Vault credentials, and exfiltrates over the Session P2P messaging network. Cross-referenced from Aikido, StepSecurity, and Socket research. === STAGE 1: router_init.js (~2.3 MB obfuscated) === Injected into: node_modules/@squawk/flight-math/router_init.js SHA256: ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c SHA1: 12ed9a3c1f73617aefdb740480695c04405d7b4b MD5: 833fd59ebe66a4449982c6d18db656b4 Heavily obfuscated using javascript-obfuscator (string-array rotation, hex-encoded lookups, control-flow flattening via while(!![]) state machines). Spawns a daemonized child process with stdio suppressed and parent unref() to mask exit. Harvests GitHub Actions secrets (GITHUB_*, ACTIONS_ID_TOKEN_REQUEST_TOKEN, ACTIONS_ID_TOKEN_REQUEST_URL, REST API repository secrets), AWS credentials via IMDSv2 PUT /latest/api/token (169.254.169.254), ECS Task Metadata (169.254.170.2), Secrets Manager and SSM Parameter Store across all regions, Kubernetes service-account tokens from /var/run/secrets/kubernetes.io/serviceaccount/, and HashiCorp Vault tokens (VAULT_TOKEN/AUTH_TOKEN/ADDR, vault.svc.cluster.local:8200, 127.0.0.1:8200). === STAGE 2: tanstack_runner.js (npm worm propagation) === SHA256: 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96 SHA1: e7d582b98ca80690883175470e96f703ef6dc497 MD5: b82e54923f7e440664d2d75bd31588ca Acquires an npm OIDC JWT via ACTIONS_ID_TOKEN_REQUEST_URL, exchanges it for a publish token through OIDC federation with the npm registry, bundles the implant into .tgz/.tar.zst archives, and republishes packages under the latest dist-tag using the stolen maintainer identity. Critically, it also submits a valid Sigstore provenance attestation as a deceptive trust signal. Injects a malicious optionalDependencies entry pointing to github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c, whose `prepare` lifecycle hook executes `bun run tanstack_runner.js && exit 1` — guaranteeing infection on any downstream git-dependency install. === STAGE 3: Repository Poisoning === Uses GitHub GraphQL createCommitOnBranch mutation to inject payloads into compromised repositories: .github/workflows/ for Actions workflow injection; .claude/router_runtime.js, .claude/settings.json, .claude/setup.mjs for Claude Code hook persistence; .vscode/setup.mjs and .vscode/tasks.json for VS Code task hijack. All injected commits are spoofed with author claude@users.noreply.github.com to disguise the activity. === EXFILTRATION / C2 === Routes harvested credentials through the Session P2P messaging network using signalservice Protocol Buffers (Envelope, Content, DataMessage, WebSocketMessage, SharedConfigMessage, CallMessage). Traffic appears as encrypted IM rather than traditional HTTP C2. C2 / exfiltration infrastructure observed across reports: - filev2.getsession.org (Session file storage — primary exfil endpoint) - seed1.getsession.org (Session bootstrap node) - api.masscan.cloud (attacker-controlled API) - git-tanstack.com (typosquat domain mimicking github.com/tanstack) === ATTACKER INFRASTRUCTURE === GitHub account: voicproducoes (ID 269549300, created 2026-03-19) Malicious commit: 79ac49eedf774dd4b0cfa308722bc463cfe5885c Threat group: TeamPCP Compromised versions of @squawk/flight-math: 0.5.4, 0.5.5, 0.5.6, 0.5.7

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@squawk/flight-math

References

vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›