VDB
GCVE-110-OSM-2026-712
GCVE-110-OSM-2026-712
Advisory PublishedCVSS 8.8/10
Malicious package detected. Behaviors: code execution.
Payload: setup.py
Key findings:
- Shell Command Execution in setup.py: "subprocess.Popen("
- setup.py Code Execution in setup.py: "class Install(InstallCommand):
def run(self):
#params = "{install_..."
- Setup.py Command Override in setup.py: "cmdclass={'install'"
- Shell Command Execution in wdc: "os.system("
IOCs:
- urls: https://downloader.disk.yandex.ru/preview/0235fbd15e7ec0b26f90f2a80935e61e89df0572ecad6d009139c25658b3fce2/64d55395/iA_1u4ujWUcmzOBmOKRwtb_lybIQbDByhbVcvWnDbrlIYYObFDu7quXYclv4yhIQz_6v2pS4EFk0ILdrbdbNMw%3D%3D?uid=0&filename=2023-08-10_20-15-15.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/1605df921d82ea993000363f496952d766965d912b3bb5d147707bc678c67142/64d55497/aKVGJ-14kMQQzdRvvnF1wJJh_pjTCokqL8a_l8HNz8cxq--7ozbljK4h_JZUKeIuxviiBz_vTQFhFAPbxXV8mg%3D%3D?uid=0&filename=2023-08-10_20-18-26.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/6b304b771c5dbb88c3546612e12f198cdbec4c0279c5e5e089c2e9341d2b7495/64d55564/dCTCH_ho22FI4FekYIIlcdJ6b7FmasDcAADZq8mRX9SHmeEdF1xT9PVg6zQjBq8VQUKqwfidJfCr_e8D0O6rQA%3D%3D?uid=0&filename=2023-08-10_20-22-44.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/31b07d1ef35e68567aeab06ae80baf47864f85e8e23f0448f213f158f09a2c49/64d5560d/SVqPdcGkDamkJ8eLH0eZCfAnfKG6nyf7FmKBEzpzB1XKGx1HhEB_dTylQ12PMg2SUf40nnmBJE63qfhqY5Efaw%3D%3D?uid=0&filename=2023-08-10_20-26-02.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048, https://downloader.disk.yandex.ru/preview/50298680d514b318da42a8b0831bcae646068c68dad22d4391477959a43d1009/64d556e2/iHwYS6KkLqtHa-rS0zUESlywuvzLE_iOxW9kqM4ySvamxEeomwE2_LgRPy_zgIkv-NzkfzDF8XSGG6LbaHbPrA%3D%3D?uid=0&filename=2023-08-10_20-29-41.png&disposition=inline&hash=&limit=0&content_type=image%2Fpng&owner_uid=0&tknv=v2&size=2048x2048 (+6 more)
- domains: downloader.disk.yandex.ru, webdav.yandex.ru, webdav.cloud.mail.ru, internet.ru, self.client.info (+4 more)
- emails: rkorkunov@internet.ru
- telegramBots: 6582857829:AAHrOHPCxSB_8IVP6kRWFdXLD_klbbOdNhA
- sha256Hashes: 0235fbd15e7ec0b26f90f2a80935e61e89df0572ecad6d009139c25658b3fce2, 1605df921d82ea993000363f496952d766965d912b3bb5d147707bc678c67142, 6b304b771c5dbb88c3546612e12f198cdbec4c0279c5e5e089c2e9341d2b7495, 31b07d1ef35e68567aeab06ae80baf47864f85e8e23f0448f213f158f09a2c49, 50298680d514b318da42a8b0831bcae646068c68dad22d4391477959a43d1009 (+1 more)
- payloadFileHash: 1b768774c8bef6ad1562d0c10eb687d60a12d830b61e1b3c8d0b53d07c64ec70
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | python-module-installer | 3.15.10 (affected) | — |
Aliases
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.