VDB
GCVE-110-OSM-2026-7076
GCVE-110-OSM-2026-7076
Advisory PublishedCVSS 5.4/10
The primary concern here is publisher reputation: 'stevewilliam' published 'solana-validator' which is confirmed critical malicious, giving a 0.5 malicious ratio across only 2 checked packages. The code-level findings for xrpl-wallet itself are weak — the preinstall script is merely 'npx only-allow pnpm', a legitimate pnpm enforcement pattern, and all recovered URLs (xumm.app, crossmark.io, walletconnect, babeljs.io, rippletest.net) are passive references to known legitimate XRPL/Web3 services. There is no obfuscation, no exfiltration, no credential theft, and no dynamic code execution found. The rapid version-churn (8 versions in ~2 days with no source repository) combined with the malicious publisher history warrants manual review before trusting this package in a supply chain.
ENTRY
- Preinstall Script in package.json: ""preinstall": "npx only-allow pnpm""
ADDITIONAL FINDINGS
- Publisher Has Other Malicious Packages
INDICATORS (IOCs)
- ipv4: 3.5.7.9
- urls: https://xumm.app, https://crossmark.io, https://specs.walletconnect.com/2.0/blockchain-rpc/xrpl-rpc, https://babeljs.io/
- domains: crossmark.io, specs.walletconnect.com, s.altnet.rippletest.net, babeljs.io, index.es
- sha256Hashes: 37a686ab6223cd42e2886ed6e5477fce100a4fb565dcd57ed4f81f7c12e93053
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | xrpl-wallet | all (affected) | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.