VDB
GCVE-110-OSM-2026-5208
GCVE-110-OSM-2026-5208
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: code execution, obfuscated code.
Entrypoint: index.ts (main: index.ts)
Payload: index.ts
Key findings:
- Global Variable Shadowing in index.ts: "var process = {"
- Dynamic Code Execution in index.ts: "exec(str1)"
IOCs:
- urls: https://telegram.me/grammyjs
- domains: ctx.me, telegram.me
- payloadFileHash: 12809e5d349ad1992bd87a986f3cb54fd9d9a5aedd71d18452909c5be104feeb
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | 8oo | all (affected) | — |
Aliases
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.