VDB

GCVE-110-OSM-2026-5879

GCVE-110-OSM-2026-5879
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 14, 2026
The author of this package describes it as a "security placeholder" and appears to be a misguided way of marking former malicious packages so they don't get used again. This package is one of several dozen packages published by the author. Marking these as low severity. ENTRY index.js (main: index.js) EXFIL - System Information Collection in index.js: "os.homedir()" ADDITIONAL FINDINGS - Publisher Has Other Malicious Packages PAYLOAD FILES index.js INDICATORS (IOCs) - payloadFileHash: 5052735286be2f1ca3e52c72943411c14d7e040454c436c1136307f270e30dbc

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownteampcpall (affected)

References

vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›