VDB

GCVE-110-OSM-2026-640

GCVE-110-OSM-2026-640
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 10, 2026
Malicious vscode tasks.json file that executes when the user opens the repository in vscode as trusted workspace. The payload C2 host has been taken down. But the indicators are associated known contagious interview campaign that uses tasks.json to deliver malware.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownlightmockall (affected), all (affected), all (affected), all (affected), all (affected), * (affected)
unknownlm-sysall (affected)
unknownall (affected), * (affected), all (affected), all (affected), all (affected)
unknownbatch-shipyardall (affected), all (affected)
unknownhy-api-utilitiesall (affected), * (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›