VDB
GCVE-110-OSM-2026-5859
GCVE-110-OSM-2026-5859
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, network activity, obfuscated code, install-time execution.
Entrypoint: .prepare.cjs (install-hook: node .prepare.cjs)
Exfil: https://api.github.com/repos/Yeachan-Heo/oh-my-claudecode/releases/latest (reconstructed, recovery: reconstructed in bridge/cli.cjs)
Payload: bridge/cli.cjs
Secondary files: bridge/mcp-server.cjs
Key findings:
- Environment Variable Exfiltration in bridge/cli.cjs: "process.env.BITBUCKET_APP_PASSWORD;
if (username && appPassword) {
return ..."
- Corporate Environment Targeting in bridge/cli.cjs: "tModel: "opus",
metadata: PLANNER_PROMPT_METADATA
};
}
});
// src/a..."
- Download Execute Delete Pattern in bridge/cli.cjs: "SPAWN_TIMEOUT_MS) {
if (proc.pid) {
killProcessGroup(proc.pid, "SI..."
- Reconstructed Obfuscated URL in bridge/cli.cjs: "https://api.github.com/repos/Yeachan-Heo/oh-my-claudecode/releases/latest"
- Corporate Environment Targeting in bridge/mcp-server.cjs: "tMode)(it, `property ${prop} matches pattern ${pat} (use allowMatch"
IOCs:
- ipv4: 172.15.0.1, 172.32.0.1
- ipv6: fe80::
- urls: https://ghfast.top/https://github.com/BurntSushi/ripgrep/releases, https://claude.ai/install.sh, https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.webhook/, https://claude.ai/download, https://dart.dev/get-dart (+48 more)
- domains: discordapp.com, docs.n8n.io, this.global, re.global, platform.claude.com (+8 more)
- emails: undefined@session.ts, git@gitlab.internal
- discordWebhooks: https://discord.com/api/webhooks/123/abc
- telegramBots: 123456789:ABCdefGHIjklMNOpqrSTUvwxyz012345678
- telegramApi: api.telegram.org/bot${config2.botToken}/sendMessage`;, api.telegram.org/bot123456789:ABCdefGHIjklMNOpqrSTUvwxyz012345678/sendMessage, api.telegram.org/bot${config.botToken}/sendMessage`;, api.telegram.org/bot<YOUR_TOKEN, api.telegram.org/bot${BOT_TOKEN}/getUpdates (+1 more)
- slackWebhooks: https://hooks.slack.com/services/T00/B00/xxx, http://hooks.slack.com/services/T00/B00/xxx, https://hooks.slack.com/services/T00/B00/override
- payloadFileHash: bc20b8a501ba2d35f029dee3034f4f3687b942b440de79bb14e8208d1abef7ff
Hidden install (secondary package pulled at runtime):
- -g [OSM: clean] in dist/features/auto-update.js
- --omit [OSM: clean] in scripts/plugin-setup.mjs
- --package-lock-only [OSM: clean] in scripts/release.ts
- tsx [OSM: clean] in scripts/release.ts
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | oh-my-ashclaw | all (affected) | — |
Aliases
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.