VDB

GCVE-110-OSM-2026-5896

GCVE-110-OSM-2026-5896
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 14, 2026
This package is a destructive sabotage tool targeting Python environments. The bin/cli.js entrypoint (registered as 'env-base64-json') executes three adversarial operations on invocation: (1) runs `pip freeze | xargs pip uninstall -y` to silently uninstall all Python packages on the system, (2) recursively walks the entire filesystem from '/' renaming every `.py` file to `.py-hacked` — a wiper/ransomware-style file corruption pattern — and (3) enumerates all running Python processes via `ps aux | grep python` and kills each one with `kill -9`. A separate index.js collects `process.env` serialized as base64, consistent with credential harvesting. The publisher ('binizik', mail.ru email, 8 versions published within ~90 minutes) has no prior reputation and the package name 'super-test-json' is generic cover. The Cyrillic comments confirm intentional authorship of the destructive logic. ENTRY bin/cli.js (bin: ./bin/cli.js) - Bin Field Command Injection in package.json: ""bin": { "env-base64-json":" EXFIL - Environment Variable Exfiltration in index.js: "JSON.stringify(process.env)" - Data Encoding for Exfiltration in index.js: "Buffer.from(envJson).toString('base64')" ADDITIONAL FINDINGS - Shell Command Execution in bin/cli.js: "require('child_process')" - Rapid Version Publishing PAYLOAD FILES index.js INDICATORS (IOCs) - payloadFileHash: 7e5b6f9dbab38a67688d63a1c7a73eaeae35da57eb4ce472735072a9689e2a11

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsuper-test-jsonall (affected)

References

vendor

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›