VDB

GCVE-110-OSM-2026-421

GCVE-110-OSM-2026-421
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 29, 2026
Malicious package detected. Behaviors: data exfiltration, code execution. Microsoft removal context: Extension ID: Embedder.embedder-infineon Publisher: Embedder Removal Date: 5/22/2026 Violation Type: untrustworthy Removed from the VS Code Marketplace by Microsoft for violating marketplace policies. Source: https://github.com/microsoft/vsmarketplace/blob/main/RemovedPackages.md Entrypoint: out/extension.js (vscode-activation: [object Object]) Exfil: https://www.rfc-editor.org/rfc/rfc5789.html (custom-c2, recovery: plaintext in out/extension.js) Payload: out/extension.js Key findings: - Environment Variable Exfiltration in out/extension.js: "process.env["GITHUB_SHA"] || // GitLab CI - https://docs.gitlab.com/ee/ci/variab..." - Shell Command Execution in out/extension.js: "child_process").spawn" IOCs: - urls: https://docs.embedder.com/changelog, https://app.embedder.com, https://kicanvas.org/home, https://thea.codes, https://partsbox.com/ (+45 more) - domains: docs.embedder.com, app.embedder.com, embedder.com, kicanvas.org, partsbox.com (+31 more) - emails: help@embedder.com, founders@embedder.com, dabh@alumni.stanford.edu, ffddaca20e5fd45b5c4c4263140fd909@sentry-service-prod.embedder.dev - payloadFileHash: e9bbf6655b6b1adee3192fcb5e9d3ef80350f0c5957c850dd320aa373ed615a8

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsun-shine-studio.shiny-extension-for-vscodeall (affected), * (affected), all (affected), * (affected), all (affected), all (affected), all (affected), all (affected)
unknownEmbedder.embedder-infineon0.3.115 (affected)
unknownsol-studio.solidity-extensionall (affected), all (affected), * (affected), * (affected), * (affected), all (affected)
unknownko-zu-gun-studio.synchronization-settings-vscodeall (affected)
unknownssgwysc.volar-vscodeall (affected)

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›