VDB

GCVE-110-OSM-2026-5920

GCVE-110-OSM-2026-5920
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 14, 2026
This package is an SEO-spam and affiliate-link-farm operation using npm as a static hosting vehicle. The entrypoint index.html contains Chinese-language SEO metadata targeting adult gossip/piracy audiences ('黑料网', '91视频', '50度灰') with affiliate redirect URLs across multiple suspicious TLDs (.top, .xyz, .icu): e.g., https://c7f6.apqmzcru.top/chan/h57170/6Edmj and https://p3.ylzajgm.xyz/?aff_code=6Edmj. The publisher 'thiencotrilien6688' has published 16 near-identical packages (182-6run through 182-29run) in a rapid burst consistent with SEO spam farming, and one sibling package (182-23run) is already confirmed malicious in OSM. The URL at https://node12.aizhantj.com:21233/tjjs/?k=18k6tpxdnsx matches a tracking/analytics beacon pattern typical of affiliate fraud. The package presents no legitimate library functionality — its entire purpose is deploying SEO-poisoned HTML with monetized redirect chains. ENTRY index.html (main: index.html) ADDITIONAL FINDINGS - Suspicious TLD Domain in index.js: "https://c7f6.apqmzcru.top" - Publisher Has Other Malicious Packages - Rapid Version Publishing PAYLOAD FILES index.js INDICATORS (IOCs) - ipv6: F:: - urls: https://c7f6.apqmzcru.top/chan/h57170/6Edmj, https://p3.ylzajgm.xyz/?aff_code=6Edmj#/, https://seselu.icu, https://6bce.djhfhuo.top/aff-2gfE, https://15bc.fkrglzoc.top/aff-E75A (+8 more) - domains: 6bce.djhfhuo.top, 15bc.fkrglzoc.top, node12.aizhantj.com, 182.run - payloadFileHash: 974572bebb28754d33a8cbca721c51cd5459541a24b817148b88e8a0f5744c13

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown182runall (affected)

References

vendor

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›