VDB

GCVE-110-OSM-2026-5859

GCVE-110-OSM-2026-5859
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 13, 2026
Malicious package detected. Behaviors: data exfiltration, code execution, network activity, obfuscated code, install-time execution. Entrypoint: .prepare.cjs (install-hook: node .prepare.cjs) Exfil: https://api.github.com/repos/Yeachan-Heo/oh-my-claudecode/releases/latest (reconstructed, recovery: reconstructed in bridge/cli.cjs) Payload: bridge/cli.cjs Secondary files: bridge/mcp-server.cjs Key findings: - Environment Variable Exfiltration in bridge/cli.cjs: "process.env.BITBUCKET_APP_PASSWORD; if (username && appPassword) { return ..." - Corporate Environment Targeting in bridge/cli.cjs: "tModel: "opus", metadata: PLANNER_PROMPT_METADATA }; } }); // src/a..." - Download Execute Delete Pattern in bridge/cli.cjs: "SPAWN_TIMEOUT_MS) { if (proc.pid) { killProcessGroup(proc.pid, "SI..." - Reconstructed Obfuscated URL in bridge/cli.cjs: "https://api.github.com/repos/Yeachan-Heo/oh-my-claudecode/releases/latest" - Corporate Environment Targeting in bridge/mcp-server.cjs: "tMode)(it, `property ${prop} matches pattern ${pat} (use allowMatch" IOCs: - ipv4: 172.15.0.1, 172.32.0.1 - ipv6: fe80:: - urls: https://ghfast.top/https://github.com/BurntSushi/ripgrep/releases, https://claude.ai/install.sh, https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.webhook/, https://claude.ai/download, https://dart.dev/get-dart (+48 more) - domains: discordapp.com, docs.n8n.io, this.global, re.global, platform.claude.com (+8 more) - emails: undefined@session.ts, git@gitlab.internal - discordWebhooks: https://discord.com/api/webhooks/123/abc - telegramBots: 123456789:ABCdefGHIjklMNOpqrSTUvwxyz012345678 - telegramApi: api.telegram.org/bot${config2.botToken}/sendMessage`;, api.telegram.org/bot123456789:ABCdefGHIjklMNOpqrSTUvwxyz012345678/sendMessage, api.telegram.org/bot${config.botToken}/sendMessage`;, api.telegram.org/bot<YOUR_TOKEN, api.telegram.org/bot${BOT_TOKEN}/getUpdates (+1 more) - slackWebhooks: https://hooks.slack.com/services/T00/B00/xxx, http://hooks.slack.com/services/T00/B00/xxx, https://hooks.slack.com/services/T00/B00/override - payloadFileHash: bc20b8a501ba2d35f029dee3034f4f3687b942b440de79bb14e8208d1abef7ff Hidden install (secondary package pulled at runtime): - -g [OSM: clean] in dist/features/auto-update.js - --omit [OSM: clean] in scripts/plugin-setup.mjs - --package-lock-only [OSM: clean] in scripts/release.ts - tsx [OSM: clean] in scripts/release.ts

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownoh-my-ashclawall (affected)

References

advisory
vendor

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›