VDB
GCVE-110-OSM-2026-6466
GCVE-110-OSM-2026-6466
Advisory PublishedCVSS 9.6/10
Malicious vscode tasks.json file that delivers malware when the repository is opened in visual studio code as trusted workspace.
The payload delivers obfuscated JS file in third stage that talks to the C2 http://147[.]124[.]212[.]180[:]1224[/]api[/]checkStatus sends a GET request with environment variables and system info. The code runs every 5000 to fetch further instructions.
Second stage payloads downloaded from:
https://moralismvp.s.gy/M # mac
https://moralismvp.s.gy/L # linux
https://moralismvp.s.gy/W # windows
These redirect to:
https://access-private-github.vercel.app/api/settings/mac
https://access-private-github.vercel.app/api/settings/linux
https://access-private-github.vercel.app/api/settings/windows
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.