VDB
GCVE-110-OSM-2026-4293
GCVE-110-OSM-2026-4293
Advisory PublishedCVSS 9.6/10
Malicious vscode tasks.json file that delivers malware via GitHooks feature, to the user device, when the tasks.json file runs automatically when using visual studio code.
Malicious .githooks exists on the Develop branch.
These githooks are postcheckout and precommits. The 3rd payload talks to secondary C2 hosted at checkmyip-address[.]vercel[.]app, the code sends POST requests with environment variables accessible to via process.env in NodeJS and a dynamic code execution path exists, as the returned response is executed on user device. The final payload returned from the secondary C2 is Infostealer malware that talks to C2 144[.]172[.]94[.]202/api/
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.