VDB

GCVE-110-OSM-2026-5370

GCVE-110-OSM-2026-5370
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 5, 2026
This package presents a supply-chain attack masquerading as a commercial LLM agent-stability SDK. The attacker model is information gathering and persistent tracking: `neuralbridge/_device.py` collects system fingerprinting data (platform, processor, machine) via `subprocess.run` (6 shell executions) and ships it via HTTP POST to multiple Alibaba Cloud Function Compute endpoints classified as custom C2 (`https://license-api-neuralbridge-hk-rewfrmblft.cn-hongkong.fcapp.run/api/v1/ping`, `/track`, `https://telemetreceiver-neuralbridge-fqarqvcdlt.cn-hangzhou.fcapp.run/api/v1/telemetry`). The included `neuralbridge/cloudkill.py` is an anomalous file with no legitimate explanation in an agent-stability SDK and is consistent with process termination capability. The package also downloads and SHA256-verifies a Linux amd64 binary from `https://releases.neuralbridge.dev/sdk/2.7.3/neuralbridge-gateway-linux-amd64`, and 18 binary blobs with distinct hashes are embedded — further indicating a staged payload delivery pattern. Metadata confirms this is a brand-new account (0 prior packages) that published two versions within one hour at a rate of 47.4 versions/day, a known rapid-churn evasion tactic. Entrypoint: neuralbridge/cli.py (console-script: nb-doctor=neuralbridge.cli:main) Exfil: http://{host (custom-c2, recovery: plaintext in neuralbridge/_engine.py) Payload: neuralbridge/_engine.py Secondary files: neuralbridge/_engine_v310_backup.py, neuralbridge/telemetry.py Key findings: - Shell Command Execution in neuralbridge/_device.py: "subprocess.run(" - Python File Upload to Remote in neuralbridge/_engine.py: "urllib.request.Request(url, data=" - Data Encoding for Exfiltration in neuralbridge/_engine.py: "json.dumps(payload).encode" - Python File Upload to Remote in neuralbridge/_engine_v310_backup.py: "urllib.request.Request(url, data=" - Data Encoding for Exfiltration in neuralbridge/_engine_v310_backup.py: "json.dumps(payload).encode" IOCs: - urls: https://www.neuralbridge.cn, https://www.neuralbridge.cn/docs, http://neuralbridge-gateway:8080/v1/chat/completions`, https://proxy.internal.corp/v1, https://releases.neuralbridge.dev/sdk/2.7.3/neuralbridge-gateway-linux-amd64 (+43 more) - domains: neuralbridge.cn, www.neuralbridge.cn, api.deepseek.com, api.groq.com, dashscope.aliyuncs.com (+20 more) - emails: wangguigui@neuralbridge.cn, sales@neuralbridge.dev, neuralbridge@coze.email - binaryHashes: a9c2cd3ab1195e5b844253e306f73683dc1d9148f1eb5f3aa52b3829f352ac0d, 172a0a79b640454f479a67aa1d7aa00003b16265eb2214ff069c2d64d6ea382d, 2d8fc0016f391fa0f0b5ce0b27109d5fbdb7efb4e1dd09e20bb3bdacd35040bd, 9e38346da37a1151673aa8526fdd670362b8d35a3c5ec008ed39c0f090430a67, c0f52675704457cb47882d501196277ede527da0cf20c89561cfe040d4962c1c (+13 more) - payloadFileHash: 4ed92e1bad733b23f6245c278b3b2ae1538bc1b833f28fa3657adc1e4b06072c

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownneuralbridge-sdk4.4.1 (affected)

References

vendor

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›