VDB

GCVE-110-OSM-2026-712

GCVE-110-OSM-2026-712
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published March 6, 2026
Malicious package detected. Behaviors: code execution. Payload: setup.py Key findings: - Shell Command Execution in setup.py: "subprocess.Popen(" - setup.py Code Execution in setup.py: "class Install(InstallCommand): def run(self): #params = "{install_..." - Setup.py Command Override in setup.py: "cmdclass={'install'" - Shell Command Execution in wdc: "os.system(" IOCs: - urls: https://downloader.disk.yandex.ru/preview/0235fbd15e7ec0b26f90f2a80935e61e89df0572ecad6d009139c25658b3fce2/64d55395/iA_1u4ujWUcmzOBmOKRwtb_lybIQbDByhbVcvWnDbrlIYYObFDu7quXYclv4yhIQz_6v2pS4EFk0ILdrbdbNMw%3D%3D?uid=0&filename=2023-08-10_20-15-15.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/1605df921d82ea993000363f496952d766965d912b3bb5d147707bc678c67142/64d55497/aKVGJ-14kMQQzdRvvnF1wJJh_pjTCokqL8a_l8HNz8cxq--7ozbljK4h_JZUKeIuxviiBz_vTQFhFAPbxXV8mg%3D%3D?uid=0&filename=2023-08-10_20-18-26.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/6b304b771c5dbb88c3546612e12f198cdbec4c0279c5e5e089c2e9341d2b7495/64d55564/dCTCH_ho22FI4FekYIIlcdJ6b7FmasDcAADZq8mRX9SHmeEdF1xT9PVg6zQjBq8VQUKqwfidJfCr_e8D0O6rQA%3D%3D?uid=0&filename=2023-08-10_20-22-44.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/31b07d1ef35e68567aeab06ae80baf47864f85e8e23f0448f213f158f09a2c49/64d5560d/SVqPdcGkDamkJ8eLH0eZCfAnfKG6nyf7FmKBEzpzB1XKGx1HhEB_dTylQ12PMg2SUf40nnmBJE63qfhqY5Efaw%3D%3D?uid=0&filename=2023-08-10_20-26-02.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/50298680d514b318da42a8b0831bcae646068c68dad22d4391477959a43d1009/64d556e2/iHwYS6KkLqtHa-rS0zUESlywuvzLE_iOxW9kqM4ySvamxEeomwE2_LgRPy_zgIkv-NzkfzDF8XSGG6LbaHbPrA%3D%3D?uid=0&filename=2023-08-10_20-29-41.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048 (+6 more) - domains: downloader.disk.yandex.ru, webdav.yandex.ru, webdav.cloud.mail.ru, internet.ru, self.client.info (+4 more) - emails: rkorkunov@internet.ru - telegramBots: 6582857829:AAHrOHPCxSB_8IVP6kRWFdXLD_klbbOdNhA - sha256Hashes: 0235fbd15e7ec0b26f90f2a80935e61e89df0572ecad6d009139c25658b3fce2, 1605df921d82ea993000363f496952d766965d912b3bb5d147707bc678c67142, 6b304b771c5dbb88c3546612e12f198cdbec4c0279c5e5e089c2e9341d2b7495, 31b07d1ef35e68567aeab06ae80baf47864f85e8e23f0448f213f158f09a2c49, 50298680d514b318da42a8b0831bcae646068c68dad22d4391477959a43d1009 (+1 more) - payloadFileHash: 1b768774c8bef6ad1562d0c10eb687d60a12d830b61e1b3c8d0b53d07c64ec70

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownpython-module-installer3.15.10 (affected)

References

vendor
advisory

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›