VDB

GCVE-110-OSM-2026-4640

GCVE-110-OSM-2026-4640
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 23, 2026
[osmalyze-auto] Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code, install-time execution. [osmalyze-auto] Entrypoint: scripts/postinstall.mjs (install-hook: node scripts/postinstall.mjs) Exfil: https://links.ethers.org/v5-errors- (custom-c2, recovery: plaintext in dist/index.js) Payload: dist/index.js Key findings: - Environment Variable Exfiltration in dist/index.js: "process.env.npm_package_version??"0.1.0"}`}}async function Sh(t,e,r,i){let n=awa..." - Dynamic Code Execution in dist/index.js: "exec(v)" - XOR-Encoded String Arrays in dist/index.js: "var Ei=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009..." - Data Encoding for Exfiltration in dist/index.js: "Buffer.from(e.auth.username+":"+e.auth.password,"utf8").toString("base64")" - Dynamic C2 Endpoint Construction in dist/index.js: "function FI(t,e,r){let i;for await(let n of e)try{n.length<2?n.call(t,r):await n..." IOCs: - urls: https://links.ethers.org/v5-errors- - domains: matteocollina.com, vnd.ctct.ws, vnd.eu, vnd.net, vnd.si (+2 more) - emails: hello@matteocollina.com - ethereumAddresses: 0x0000000000000000000000000000000000000000, 0xdFE02Eb6733538f8Ea35D585af8DE5958AD99E40, 0xd91E80cF2E7be2e162c6513ceD06f1dD0dA35296, 0xC5d563A36AE78145C45a50134d48A1215220f80a, 0x9c4e1703476e875070ee25b56a58b008cfb8fa78 (+4 more) - sha256Hashes: c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470, 1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347, 56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421 - payloadFileHash: e01b85c1437085a519217338fe4ee5ed7858c28a10f8c1477b2f1857c3386edb

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownpolymarket-ai-agent0.1.1 (affected)

References

advisory
vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›