VDB

GCVE-110-OSM-2026-724

GCVE-110-OSM-2026-724
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published March 3, 2026
This package was part of a hyper targeted dependency confusion attack. The threat actors used stolen information to craft PyPI packages they knew would run in the victim's CI/CD pipelines The threat actor crafted custom malware that would only run in GitHub Actions, and if it identified that it was NOT in a CI pipeline, it would exit. The payload then analyzed whether it was in the correct victim's account and in the right GitHub Action. If it found that it was, it exfiltrated every variable and credential it had to an IP address 77.91.65.24. The malware then downloads additional payloads from 91.184.247.242 and 1.46.221.5

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownwisecloudsecretsall (affected)

References

advisory
vendor

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›