VDB

GCVE-110-OSM-2026-617

GCVE-110-OSM-2026-617
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 10, 2026
Malicious VSCode tasks.json file that delivers malware to user device, when the repository is opened as trusted workspace in visual studio code. There are two payload delivery methods in this repository, the first one is visual studio code tasks.json file, second one is postcss.config.js file, where base64 encoded string is passed to eval. This string when decoded contains _$_1e42, that is associated with PolinRider Campaign. The tasks.json file C2 URL is no longer active as of this writing.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmilla-migration* (affected), all (affected)
unknownfalcor-serverall (affected), all (affected), all (affected), all (affected)
unknownall (affected)
unknownsidebar-basketall (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected), all (affected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›