VDB
GCVE-110-OSM-2026-7597
GCVE-110-OSM-2026-7597
Advisory PublishedCVSS 9.6/10
This Docker Hub image was confirmed malicious by static analysis. The image carries command-and-control tooling that connects a running container to attacker infrastructure for remote control. Knorr inspected the image configuration and unpacked its layers. The image was read but never executed. The detection rule, the attacker infrastructure, and the exact location of the malicious code appear in the payload details so the finding can be verified independently.
Location of the malicious code: image ENTRYPOINT / CMD / build history. Detection rule c2-framework matched on this line: "RUN /bin/sh -c apt-get install -yq metasploit-framework sqlmap # buildkit".
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | sha256:9d88c111738d7cf9e8b673afeae18ab82a515e01dcce22708616be17beed6b5a (affected) | — |
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.