VDB
GCVE-110-OSM-2026-6680
GCVE-110-OSM-2026-6680
Advisory PublishedCVSS 8.8/10
Suspected dependency confusion attack.
ENTRY
UR7/__init__.py (module-import: 5)
ADDITIONAL FINDINGS
- Brand New Package
- Binary: Shell in UR7/libpython3.1N.so: "/system/bin/sh"
- Binary: Process in UR7/libpython3.1N.so: "system($module, /, command) -- Execute the command in a subshell."
- Binary: Persistence in UR7/libpython3.1N.so: "HKEY_LOCAL_MACHINE"
PAYLOAD FILES
UR7/libpython3.1N.so
INDICATORS (IOCs)
- domains: libdl.so, libm.so, libc.so, libpython3.13.so, liblog.so (+27 more)
- binaryHashes: 2efc2ad5ea74e30e98f58b4468e38fe3776e6e733dc7bf489cda93b0d298d380, 647707e53dfe53260c8d6f093b97af0cae591ef555a134f7130bac1fa43a8dcf
- payloadFileHash: 647707e53dfe53260c8d6f093b97af0cae591ef555a134f7130bac1fa43a8dcf
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | ur7 | all (affected) | — |
Browse GCVE Records
73,834 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.