VDB
GCVE-110-OSM-2026-617
GCVE-110-OSM-2026-617
Advisory PublishedCVSS 8.8/10
Malicious VSCode tasks.json file that delivers malware to user device, when the repository is opened as trusted workspace in visual studio code.
There are two payload delivery methods in this repository, the first one is visual studio code tasks.json file, second one is postcss.config.js file, where base64 encoded string is passed to eval. This string when decoded contains _$_1e42, that is associated with PolinRider Campaign.
The tasks.json file C2 URL is no longer active as of this writing.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | milla-migration | * (affected), all (affected) | — |
| unknown | falcor-server | all (affected), all (affected), all (affected), all (affected) | — |
| unknown | all (affected) | — | |
| unknown | sidebar-basket | all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected) | — |
References
Malicious npm package: falcor-server
advisory
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.