VDB
GCVE-110-OSM-2026-7554
GCVE-110-OSM-2026-7554
Advisory PublishedCVSS 9.6/10
Malicious package detected. Behaviors: data exfiltration, code execution.
ENTRY
rarcore/__init__.py (module-import: 36)
PERSISTENCE
- Startup Persistence in PKG-INFO: "Startup\"
- Startup Persistence in rarcore.egg-info/PKG-INFO: "Startup\"
EXFIL
- Environment Variable Exfiltration in rarcore/__init__.py: "os.environ["APPDATA"] directory = os.path.join(appdata, "RtkAudService") req = u..."
- Python Background Thread Execution in rarcore/__init__.py: "def inst(): try: appdata = os.environ["APPDATA"] directory = os.path.join(appdat..."
- Network Request in rarcore/__init__.py: "urllib.request.urlopen("
ADDITIONAL FINDINGS
- Shell Command Execution in rarcore/__init__.py: "subprocess.Popen("
- Silent Process Execution in rarcore/__init__.py: "stdout=subprocess.DEVNULL"
PAYLOAD FILES
rarcore/__init__.py
INDICATORS (IOCs)
- urls: https://www.cvedetails.com/cve/CVE-2025-31334/, https://www.win-rar.com/whatsnew.html
- domains: www.cvedetails.com
- payloadFileHash: e71a6e04123079df574dd57e28b0433a3b58b09d80c18c6986e0aa8772bd77e7
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | rarcore | all (affected) | — |
Aliases
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.