VDB
GCVE-110-OSM-2026-5136
GCVE-110-OSM-2026-5136
Advisory PublishedCVSS 9.6/10
Compromised release of the legitimate @redhat-cloud-services/tsc-transform-imports npm package. Malicious versions 1.2.2, 1.2.4, 1.2.6 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.
=== EXECUTION ===
Malicious payload delivered via a preinstall script in package.json that runs `node index.js` before any application code executes. The bundled index.js is ~4.2 MB (anomalous for a library) and runs automatically on `npm install`.
=== OBFUSCATION ===
Layered: ROT-21 Caesar cipher over numeric char-code arrays; AES-128-GCM (two blobs: _b Bun downloader, _p main implant); obfuscator.io with a non-standard base64 alphabet; custom "B5" cipher using PBKDF2 (200,000 iterations, SHA-256) + Fisher-Yates byte substitution.
=== CREDENTIAL HARVESTING ===
Targets GitHub Actions (GITHUB_TOKEN, ACTIONS_RUNTIME_TOKEN, ACTIONS_ID_TOKEN_REQUEST_TOKEN, NPM_TOKEN), AWS (keys + ~/.aws/credentials), GCP application-default + service-account keys, Azure service principal + managed-identity tokens, HashiCorp Vault (VAULT_TOKEN/VAULT_ADDR), Kubernetes in-cluster SA token + ~/.kube/config, npm ~/.npmrc, PyPI ~/.pypirc, SSH private keys (~/.ssh/id_rsa, ~/.ssh/id_ed25519), Docker ~/.docker/config.json, GPG ~/.gnupg/, and .env files across the filesystem. Reads /proc/<pid>/mem of the Runner.Worker process to extract live secrets, and queries the GitHub Actions runtime API via ACTIONS_RUNTIME_TOKEN to identify masked secrets. Harvested npm tokens are reused with a bypass_2fa parameter to override two-factor auth.
=== PERSISTENCE / C2 ===
GitHub dead-drop C2 via the GitHub Contents API (creates refs/commits carrying base64-encoded exfil data). VS Code task injection via .vscode/tasks.json (folderOpen trigger). Claude Code hijack via ~/.claude/settings.json SessionStart hook. C2 domains remained encrypted/unrecovered at time of reporting.
=== DELIVERY ===
Compromised upstream CI/CD: affected versions were published from RedHatInsights/javascript-clients via GitHub Actions OIDC, indicating the maintainer's CI/CD pipeline was compromised (not typosquat/dependency-confusion).
=== IOCs ===
B5 cipher password: ba2c6ddb3672bdd6a611e6850b4f700b52aed3dab2f1b3d5f8c839d4a157a709
B5 cipher salt: 5b26508dc0f1075a7c0b4d8aa464487e
AES-128-GCM key (_b/Bun downloader): 4c26cf9791bce1bfd4b84eba80ce2754
AES-128-GCM IV (_b): 1241582f04234f7192feacba
AES-128-GCM key (_p/main implant): ec514c074caf0ffdce6c66a0e95753d8
AES-128-GCM IV (_p): 1251c3b85365f9b56a956c10
Payload drop path: /tmp/p<random>.js ; Bun binary in randomly-named /tmp/ subdir
Affected RedHatInsights repos (victim CI/CD): javascript-clients (#492), frontend-components (#2329), platform-frontend-ai-toolkit (#57)
Sources: https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | @redhat-cloud-services/tsc-transform-imports | — | — |
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.