VDB

GCVE-110-OSM-2026-614

GCVE-110-OSM-2026-614
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 10, 2026
Malicious vscode task.json that delivers malware to user device when it is opened in visual studio code as trusted workspace. The payload URL in the tasks.json file uses URL shortners, which a known technique used in TasksJacker campaign the attacker C2 hosted at 165[.]140[.]86[.]190. The final payload delivers obfuscated JS malware.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmilla-migrationall (affected), all (affected), all (affected), all (affected)
unknownall (affected)
unknownnetflixidentityall (affected), * (affected), all (affected), all (affected), all (affected), * (affected), * (affected), * (affected), * (affected)
unknownpulse-shop-sectionall (affected), * (affected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›