VDB

GCVE-110-OSM-2026-7607

GCVE-110-OSM-2026-7607
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published July 8, 2026
This Docker Hub image ships a cryptocurrency miner that is preconfigured to a fixed mining pool and payout wallet. Anyone who pulls and runs the image begins mining cryptocurrency to the operator's wallet using their own CPU, without consent. Knorr inspected the image configuration and unpacked its layers. The image was read but never executed. The detection rule, the attacker infrastructure, and the exact location of the malicious code appear in the payload details so the finding can be verified independently. Miner: xmrig. Mining pool: trtl.waale.me:5555. Payout wallet: TRTLuxHonekNmbvxSUqsHLgnGph2LeZe5ZBHUWeHtxK3Jkj3QuhkaRzYSaev3RLm8V63ZexHF4yES766ead7cVna4mhG8gpFucU. Built from: github.com/sh777/xmrig.git. Location of the malicious code: image ENTRYPOINT / CMD / build history. Detection rule miner-wallet-flag matched on this line: "--url=trtl.waale.me:5555 --user=TRTLuxHonekNmbvxSUqsHLgnGph2LeZe5ZBHUWeHtxK3Jkj3QuhkaRzYSaev3RLm8V63ZexHF4yES766ead7cVna4mhG8gpFucU --pass=x -k --max-cpu-usage=100".

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsha256:d3f806f053f8923f5f7fcce5082a551cd6739dc3db1cd9fb601c9c5d523a0030 (affected)

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›