VDB

GCVE-110-OSM-2026-5925

GCVE-110-OSM-2026-5925
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 14, 2026
The package implements a browser redirect campaign: `beamglea.js` constructs a URL via string concatenation (`https://cfn.kafiky.com/NPiGdCBx#akash.d@lakeb2b.com`) and immediately invokes `window.location.href` to redirect the victim's browser to an attacker-controlled domain. The email address embedded as a URL fragment (`akash.d@lakeb2b.com`) is a classic tracking/attribution token used in phishing and click-fraud operations to identify which victim/install path was hit. The publisher `focalxcds12340` created their account approximately 3 days before publish and immediately flooded the registry with 23 identically-structured `redirect-*` packages — a bulk-publish pattern consistent with SEO poisoning, dependency confusion, or phishing redirect distribution. The domain `cfn.kafiky.com` has no established reputation and the URL path is a short opaque token, consistent with an attacker-controlled redirect/tracking endpoint. No legitimate npm package has a reason to redirect a browser to an external URL with an embedded email on load. ENTRY beamglea.js (main: beamglea.js) DESTINATION - reconstructed: https://cfn.kafiky.com/NPiGdCBx#akash.d@lakeb2b.com (primary, reconstructed) in beamglea.js OBFUSCATION - recovered 1 urls, 1 domains from decoded/deobfuscated content ADDITIONAL FINDINGS - Reconstructed Obfuscated URL in beamglea.js: "https://cfn.kafiky.com/NPiGdCBx#akash.d@lakeb2b.com" PAYLOAD FILES beamglea.js INDICATORS (IOCs) - urls: https://cfn.kafiky.com/NPiGdCBx - domains: lakeb2b.com, cfn.kafiky.com - emails: akash.d@lakeb2b.com - payloadFileHash: b3125734e082053b7b775c93aa93b92833752ffc254f750961f2b00bd5e6f304

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownredirect-r0x3juall (affected)

References

vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›