VDB
GCVE-110-OSM-2026-6988
GCVE-110-OSM-2026-6988
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.
DESTINATION
- custom-c2: https://raw.org/proof/vector-rotation-using-quaternions/ (primary, plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: http://projecteuclid.org/euclid.aoms/1177692644; (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: http://jsperf.com/quaternion-slerp-implementations (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: http://planning.cs.uiuc.edu/node198.html (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: https://mathworld.wolfram.com/Plane-PlaneIntersection.html (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: https://www.realtimerendering.com/raytracinggems/rtg/index.html (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: https://bryceboe.com/2006/10/23/line-segment-intersection-algorithm/ (plaintext) in dist/maplibre-gl-csp-dev.js
- custom-c2: https://javascriptsource.com/sanitize-an-html-string-to-reduce-the-risk-of-xss-attacks/ (plaintext) in dist/maplibre-gl-csp-dev.js
(+47 more)
EXFIL
- Corporate Environment Targeting in dist/maplibre-gl-csp-dev.js: "tmosphere-blend': new DataConstantProperty(latest"
- Corporate Environment Targeting in dist/maplibre-gl-dev.js: "tmosphere-blend': new symbol_layout.DataConstantProperty(symbol_layout.latest"
- Data Encoding for Exfiltration in dist/maplibre-gl-csp-dev.js: "btoa("
- Data Encoding for Exfiltration in dist/maplibre-gl-csp-worker-dev.js: "btoa("
- Dynamic C2 Endpoint Construction in dist/maplibre-gl-csp-worker.js: "function t(t,e,r,n){return new(r||(r=Promise))(function(i,s){function o(t){try{l..."
- Data Encoding for Exfiltration in dist/maplibre-gl-csp.js: "encodeURIComponent(e)}addTo(e){return this._map=e,addEventListener("hashchange",..."
- Dynamic C2 Endpoint Construction in dist/maplibre-gl-csp.js: "function n(e,t,i,r){return new(i||(i=Promise))(function(n,o){function s(e){try{l..."
- Data Encoding for Exfiltration in dist/maplibre-gl-dev.js: "btoa("
(+4 more)
OBFUSCATION
- Dynamic Base64 Decoding in dist/maplibre-gl-csp-dev.js: "atob(str)"
- Dynamic Base64 Decoding in dist/maplibre-gl-csp-worker-dev.js: "atob(str)"
- Obfuscation: function to array replacements in dist/maplibre-gl-csp-worker.js
- Obfuscation: function to array replacements in dist/maplibre-gl-csp.js
- Dynamic Base64 Decoding in dist/maplibre-gl-dev.js: "atob(str)"
- Obfuscation: function to array replacements in dist/maplibre-gl.js
- Dynamic Base64 Decoding in src/util/util.ts: "atob(str)"
- Unicode Escape Obfuscation in dist/maplibre-gl-csp-dev.js: "\u2016\u2020\u2021\u2030\u2031\u203B\u203C\u2042\u2047"
(+14 more)
ADDITIONAL FINDINGS
- Dynamic Code Execution in build/generate-docs.ts: "exec(htmlContent)"
PAYLOAD FILES
dist/maplibre-gl-csp-dev.js (+ dist/maplibre-gl-dev.js, dist/maplibre-gl.js)
INDICATORS (IOCs)
- ipv4: 177.1.224.138
- urls: https://maplibre.org/maplibre-gl-js/docs/API/, https://demotiles.maplibre.org/style.json, https://maplibre.org/maplibre-gl-js/docs/examples/, https://visgl.github.io/react-map-gl/docs/get-started, https://slack.openstreetmap.us/ (+12 more)
- domains: maplibre.org, demotiles.maplibre.org, visgl.github.io, slack.openstreetmap.us, www.mierune.co.jp (+7 more)
- emails: hidden@parameters.zoom, bar@2x.png, sprite1@2x.json, sprite1@2x.png
- payloadFileHash: f37aeba4e4b8e6c4dd7bd27fd2d7180a7b47bd58e773d58816d9df6f70f946b1
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | maplibre-gl-vue3 | all (affected) | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.