VDB

GCVE-110-OSM-2026-5215

GCVE-110-OSM-2026-5215
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 2, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity. Entrypoint: log.js (main: log.js) Exfil: https://api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=-1001161709623&text=${...} (reconstructed, recovery: reconstructed) Payload: t.js Secondary files: o.js, m.js Key findings: - Webhook Data Exfiltration in m.js: "api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage" - Webhook Data Exfiltration in mod.js: "api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage" - Webhook Data Exfiltration in o.js: "api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage" - Fetch and Eval/Exec in t.js: "Fetch(get)//toNodeFetch(list) // x = await eval" - Suspicious URL Pattern in Template Literal in m.js: "https://api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMe..." IOCs: - urls: https://i----i.firebaseio.com/ff.json, https://i----i.firebaseio.com/.json, https://jiijii.firebaseio.com/.json, https://api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=-1001161709623&text=${...}, https://api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=${...}&text=${...} - domains: randomuser.me, i----i.firebaseio.com, ibb.co, www.mapquestapi.com, jiijii.firebaseio.com (+2 more) - telegramApi: api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=${, api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=${x}&text=${encodeURIComponent(z)}`), api.telegram.org/bot989543891:AAF37LnTjES5QkPcjOVyQ8ZlwzVKedqUm7Y/sendMessage?chat_id=${id}&text=${encodeURIComponent(z)}`) - payloadFileHash: 15f48dcbb29bfe24632c0f3ff0e47a44cdbdc004c7d3fc855a3959c4973edb8e

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown11jall (affected)

References

advisory
vendor

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›