VDB
GCVE-110-OSM-2026-5861
GCVE-110-OSM-2026-5861
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: data exfiltration, code execution, install-time execution.
Entrypoint: dist/index.js (main: dist/index.js)
Payload: scripts/postinstall.js
Key findings:
- Shell Command Execution in scripts/build.js: "require('child_process')"
- Hidden NPM Install in scripts/build.js: "execSync('npx tsc'"
- Platform Detection with Data Collection in scripts/postinstall.js: "JSON.stringify({ ping: 'npm' });
const options = {
hos"
- Brand New Package
- Very New NPM Publisher Account
IOCs:
- domains: npm.wdf1.eyes.sh
- payloadFileHash: 66713e0d80898dde7ff350e1d0e4961de5f4d200f9a1c0c68c32a4034d504f0f
Hidden install (secondary package pulled at runtime):
- tsc [OSM: clean] in scripts/build.js
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | easy-time666 | all (affected) | — |
Aliases
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.