VDB

GCVE-110-OSM-2026-7076

GCVE-110-OSM-2026-7076
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published July 1, 2026
The primary concern here is publisher reputation: 'stevewilliam' published 'solana-validator' which is confirmed critical malicious, giving a 0.5 malicious ratio across only 2 checked packages. The code-level findings for xrpl-wallet itself are weak — the preinstall script is merely 'npx only-allow pnpm', a legitimate pnpm enforcement pattern, and all recovered URLs (xumm.app, crossmark.io, walletconnect, babeljs.io, rippletest.net) are passive references to known legitimate XRPL/Web3 services. There is no obfuscation, no exfiltration, no credential theft, and no dynamic code execution found. The rapid version-churn (8 versions in ~2 days with no source repository) combined with the malicious publisher history warrants manual review before trusting this package in a supply chain. ENTRY - Preinstall Script in package.json: ""preinstall": "npx only-allow pnpm"" ADDITIONAL FINDINGS - Publisher Has Other Malicious Packages INDICATORS (IOCs) - ipv4: 3.5.7.9 - urls: https://xumm.app, https://crossmark.io, https://specs.walletconnect.com/2.0/blockchain-rpc/xrpl-rpc, https://babeljs.io/ - domains: crossmark.io, specs.walletconnect.com, s.altnet.rippletest.net, babeljs.io, index.es - sha256Hashes: 37a686ab6223cd42e2886ed6e5477fce100a4fb565dcd57ed4f81f7c12e93053

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownxrpl-walletall (affected)

References

vendor

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›