VDB

GCVE-110-OSM-2026-7554

GCVE-110-OSM-2026-7554
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published July 8, 2026
Malicious package detected. Behaviors: data exfiltration, code execution. ENTRY rarcore/__init__.py (module-import: 36) PERSISTENCE - Startup Persistence in PKG-INFO: "Startup\" - Startup Persistence in rarcore.egg-info/PKG-INFO: "Startup\" EXFIL - Environment Variable Exfiltration in rarcore/__init__.py: "os.environ["APPDATA"] directory = os.path.join(appdata, "RtkAudService") req = u..." - Python Background Thread Execution in rarcore/__init__.py: "def inst(): try: appdata = os.environ["APPDATA"] directory = os.path.join(appdat..." - Network Request in rarcore/__init__.py: "urllib.request.urlopen(" ADDITIONAL FINDINGS - Shell Command Execution in rarcore/__init__.py: "subprocess.Popen(" - Silent Process Execution in rarcore/__init__.py: "stdout=subprocess.DEVNULL" PAYLOAD FILES rarcore/__init__.py INDICATORS (IOCs) - urls: https://www.cvedetails.com/cve/CVE-2025-31334/, https://www.win-rar.com/whatsnew.html - domains: www.cvedetails.com - payloadFileHash: e71a6e04123079df574dd57e28b0433a3b58b09d80c18c6986e0aa8772bd77e7

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownrarcoreall (affected)

References

advisory
vendor

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›