VDB

GCVE-110-OSM-2026-4293

GCVE-110-OSM-2026-4293
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 18, 2026
Malicious vscode tasks.json file that delivers malware via GitHooks feature, to the user device, when the tasks.json file runs automatically when using visual studio code. Malicious .githooks exists on the Develop branch. These githooks are postcheckout and precommits. The 3rd payload talks to secondary C2 hosted at checkmyip-address[.]vercel[.]app, the code sends POST requests with environment variables accessible to via process.env in NodeJS and a dynamic code execution path exists, as the returned response is executed on user device. The final payload returned from the secondary C2 is Infostealer malware that talks to C2 144[.]172[.]94[.]202/api/

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›