CWE-506

Embedded Malicious Code

The product contains code that appears to be malicious in nature.

CVE-2025-59331 (GCVE-0-2025-59331)

Vulnerability from cvelistv5 – Published: 2025-09-15 19:21 – Updated: 2025-09-15 19:39
Title
is-arrayish@0.3.3 contains malware after npm account takeover
Summary
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 0.3.4.
CWE
  • CWE-506 - Embedded Malicious Code
Impacted products
Vendor: Qix-
Product: node-is-arrayish
Version: Affected: = 0.3.3

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T19:39:45.623133Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T19:39:50.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-is-arrayish",
          "vendor": "Qix-",
          "versions": [
            {
              "status": "affected",
              "version": "= 0.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker\u0027s own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct \u003cscript\u003e inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt. The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload. npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper. On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager\u0027s global cache, and rebuild any browser bundles from scratch. Those operating private registries or registry mirrors should purge the offending versions from any caches. This issue is resolved in 0.3.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T19:21:29.858Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Qix-/node-is-arrayish/security/advisories/GHSA-frh7-2f84-v9mw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Qix-/node-is-arrayish/security/advisories/GHSA-frh7-2f84-v9mw"
        },
        {
          "name": "https://github.com/debug-js/debug/issues/1005",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/debug-js/debug/issues/1005"
        },
        {
          "name": "https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack"
        },
        {
          "name": "https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised"
        },
        {
          "name": "https://www.ox.security/blog/npm-packages-compromised",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ox.security/blog/npm-packages-compromised"
        }
      ],
      "source": {
        "advisory": "GHSA-frh7-2f84-v9mw",
        "discovery": "UNKNOWN"
      },
      "title": "is-arrayish@0.3.3 contains malware after npm account takeover"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59331",
    "datePublished": "2025-09-15T19:21:29.858Z",
    "dateReserved": "2025-09-12T12:36:24.634Z",
    "dateUpdated": "2025-09-15T19:39:50.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59374 (GCVE-0-2025-59374)

Vulnerability from cvelistv5 – Published: 2025-12-17 04:27 – Updated: 2026-02-26 16:07
Summary
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
CWE
  • CWE-506 - Embedded Malicious Code
Impacted products
Vendor: ASUS
Product: live update
Version: Affected: before 3.6.6

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59374",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T04:55:25.451260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-12-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:31.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59374"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "live update",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "before 3.6.6"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:asus:live_update:before_3.6.6:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\"UNSUPPORTED WHEN ASSIGNED\"\u0026nbsp;Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u0026nbsp;The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u0026nbsp;The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
            }
          ],
          "value": "\"UNSUPPORTED WHEN ASSIGNED\"\u00a0Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise.\u00a0The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected.\u00a0The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-17T04:27:06.885Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asus.com/news/hqfgvuyz6uyayje1/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2025-59374",
    "datePublished": "2025-12-17T04:27:06.885Z",
    "dateReserved": "2025-09-15T01:36:47.359Z",
    "dateUpdated": "2026-02-26T16:07:31.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8217 (GCVE-0-2025-8217)

Vulnerability from cvelistv5 – Published: 2025-07-30 00:34 – Updated: 2025-10-14 17:54
Title
Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension
Summary
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI. To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.
CWE
  • CWE-506 - Embedded Malicious Code
Impacted products
Vendor: Amazon
Product: Q Developer VS Code Extension
Version: Affected: 1.84.0, < 1.85.0 (semver); Affected: sha256:47f7840ecab6312d2733e1274c513050405886c70f2037fb2f1e9099872b0464 (git)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-30T13:23:17.479055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T15:25:16.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Q Developer VS Code Extension",
          "vendor": "Amazon",
          "versions": [
            {
              "lessThan": "1.85.0",
              "status": "affected",
              "version": "1.84.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "sha256:47f7840ecab6312d2733e1274c513050405886c70f2037fb2f1e9099872b0464",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eTo mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.\u003c/p\u003e"
            }
          ],
          "value": "The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.\n\n\n\nTo mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-442",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-442 Infected Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506 Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T17:54:42.871Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-015/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/aws/aws-toolkit-vscode/security/advisories/GHSA-7g7f-ff96-5gcw"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/aws/aws-toolkit-vscode/releases/tag/amazonq%2Fv1.85.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2025-8217",
    "datePublished": "2025-07-30T00:34:06.733Z",
    "dateReserved": "2025-07-25T21:50:50.324Z",
    "dateUpdated": "2025-10-14T17:54:42.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-28353 (GCVE-0-2026-28353)

Vulnerability from cvelistv5 – Published: 2026-03-05 20:02 – Updated: 2026-03-06 17:04
Title
Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release
Summary
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified.
CWE
  • CWE-506 - Embedded Malicious Code
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T17:04:26.726102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T17:04:35.360Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "trivy-vscode-extension",
          "vendor": "aquasecurity",
          "versions": [
            {
              "status": "affected",
              "version": "= 1.8.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T20:02:59.865Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aquasecurity/trivy-vscode-extension/security/advisories/GHSA-8mr6-gf9x-j8qg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aquasecurity/trivy-vscode-extension/security/advisories/GHSA-8mr6-gf9x-j8qg"
        }
      ],
      "source": {
        "advisory": "GHSA-8mr6-gf9x-j8qg",
        "discovery": "UNKNOWN"
      },
      "title": "Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28353",
    "datePublished": "2026-03-05T20:02:59.865Z",
    "dateReserved": "2026-02-26T18:38:13.890Z",
    "dateUpdated": "2026-03-06T17:04:35.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31976 (GCVE-0-2026-31976)

Vulnerability from cvelistv5 – Published: 2026-03-11 19:44 – Updated: 2026-03-12 19:54
Title
xygeni-action v5 tag poisoned with C2 backdoor
Summary
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it. This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.
CWE
  • CWE-506 - Embedded Malicious Code
Impacted products
Vendor: xygeni
Product: xygeni-action
Version: Affected: >= March 3, 2026, <= March 10, 2026

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-12T19:54:48.032219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-12T19:54:54.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xygeni-action",
          "vendor": "xygeni",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= March 3, 2026, \u003c= March 10, 2026"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository\u0027s git object store, and any workflow referencing @v5 would fetch and execute it. This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3\u201310, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T19:44:38.643Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xygeni/xygeni-action/security/advisories/GHSA-f8q5-h5qh-33mh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xygeni/xygeni-action/security/advisories/GHSA-f8q5-h5qh-33mh"
        },
        {
          "name": "https://github.com/xygeni/xygeni-action/issues/54",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xygeni/xygeni-action/issues/54"
        }
      ],
      "source": {
        "advisory": "GHSA-f8q5-h5qh-33mh",
        "discovery": "UNKNOWN"
      },
      "title": "xygeni-action v5 tag poisoned with C2 backdoor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-31976",
    "datePublished": "2026-03-11T19:44:38.643Z",
    "dateReserved": "2026-03-10T15:40:10.487Z",
    "dateUpdated": "2026-03-12T19:54:54.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33634 (GCVE-0-2026-33634)

Vulnerability from cvelistv5 – Published: 2026-03-23 21:47 – Updated: 2026-03-30 14:40
Title
Trivy ecosystem supply chain briefly compromised
Summary
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a still-valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days), retaining access and enabling the March 19 attack. Affected components include the `aquasecurity/trivy` Go binary / container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76 of 77 tags), and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions are 0.69.2 and 0.69.3 of the Trivy binary, 0.35.0 of trivy-action, and the recreated 0.2.6 of setup-trivy. Beyond upgrading, take further steps to protect secrets: if there is any possibility that a compromised version ran in your environment, treat all secrets accessible to the affected pipelines as exposed and rotate them immediately. Check whether your organization pulled or executed Trivy v0.69.4 from any source, and remove any affected artifacts. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`; for those that referenced a version tag rather than a full commit SHA, check the workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in your GitHub organization: the presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHAs rather than mutable version tags.
CWE
  • CWE-506 - Embedded Malicious Code
Assigner

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33634",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-03-26",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33634"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T03:55:31.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html"
          },
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://www.microsoft.com/en-us/security/blog/2026/03/24/detecting-investigating-defending-against-trivy-supply-chain-compromise/"
          },
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://github.com/BerriAI/litellm/issues/24518#issuecomment-4127436387"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33634"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-26T00:00:00.000Z",
            "value": "CVE-2026-33634 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "setup-trivy",
          "vendor": "aquasecurity",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.6"
            }
          ]
        },
        {
          "product": "trivy-action",
          "vendor": "aquasecurity",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.35.0"
            }
          ]
        },
        {
          "product": "trivy",
          "vendor": "aquasecurity",
          "versions": [
            {
              "status": "affected",
              "version": "= 0.69.4"
            }
          ]
        },
        {
          "product": "LiteLLM",
          "vendor": "BerriAI",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.82.7, \u003c= 1.82.8"
            }
          ]
        },
        {
          "product": "telnyx",
          "vendor": "team-telnyx",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.87.1, \u003c= 4.87.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have use a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 \u2013 0.34.2 (76/77), and the`aquasecurity/setup-trivy` GitHub Action versions 0.2.0 \u2013 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one\u0027s environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one\u0027s organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19\u201320, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one\u0027s GitHub organization. 
The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes, don\u0027t use mutable version tags."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T14:40:28.027Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23"
        },
        {
          "name": "https://github.com/team-telnyx/telnyx-python/security/advisories/GHSA-955r-262c-33jc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/team-telnyx/telnyx-python/security/advisories/GHSA-955r-262c-33jc"
        },
        {
          "name": "https://github.com/BerriAI/litellm/issues/24518",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/BerriAI/litellm/issues/24518"
        },
        {
          "name": "https://docs.litellm.ai/blog/security-update-march-2026",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.litellm.ai/blog/security-update-march-2026"
        },
        {
          "name": "https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack"
        },
        {
          "name": "https://github.com/aquasecurity/trivy/discussions/10425",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aquasecurity/trivy/discussions/10425"
        },
        {
          "name": "https://github.com/pypa/advisory-database/tree/main/vulns/litellm/PYSEC-2026-2.yaml",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pypa/advisory-database/tree/main/vulns/litellm/PYSEC-2026-2.yaml"
        },
        {
          "name": "https://inspector.pypi.io/project/litellm/1.82.7/packages/79/5f/b6998d42c6ccd32d36e12661f2734602e72a576d52a51f4245aef0b20b4d/litellm-1.82.7-py3-none-any.whl/litellm/proxy/proxy_server.py#line.130",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://inspector.pypi.io/project/litellm/1.82.7/packages/79/5f/b6998d42c6ccd32d36e12661f2734602e72a576d52a51f4245aef0b20b4d/litellm-1.82.7-py3-none-any.whl/litellm/proxy/proxy_server.py#line.130"
        },
        {
          "name": "https://inspector.pypi.io/project/litellm/1.82.8/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz/litellm-1.82.8/litellm_init.pth#line.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://inspector.pypi.io/project/litellm/1.82.8/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz/litellm-1.82.8/litellm_init.pth#line.1"
        },
        {
          "name": "https://www.wiz.io/blog/teampcp-attack-kics-github-action",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wiz.io/blog/teampcp-attack-kics-github-action"
        }
      ],
      "source": {
        "advisory": "GHSA-69fq-xp46-6x23",
        "discovery": "UNKNOWN"
      },
      "title": "Trivy ecosystem supply chain briefly compromised"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33634",
    "datePublished": "2026-03-23T21:47:29.636Z",
    "dateReserved": "2026-03-23T14:24:11.619Z",
    "dateUpdated": "2026-03-30T14:40:28.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
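
Both the xygeni-action and Trivy records above come down to the same exposure: a workflow that references an action by a mutable tag (`@v5`, `@0.34.2`) runs whatever commit the tag points at today, and anyone who can move the tag can change that commit without merging anything. The script below is an added example (not tooling from Xygeni, Aqua Security or GitHub) that walks the `uses:` references in a workflow file and classifies each ref as a full commit SHA, a short SHA, a version tag, a branch, or nothing at all, and flags any reference to the three actions named in these records that is not SHA-pinned. It uses only the standard library; the sample workflow and its checkout SHA are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Actions named in the xygeni-action and Trivy records above; a reference to one
# of them that is not a full-SHA pin should be checked against the advisories.
INCIDENT_ACTIONS = {
    "xygeni/xygeni-action",
    "aquasecurity/trivy-action",
    "aquasecurity/setup-trivy",
}

# `uses:` on a step or on a reusable-workflow job.  [ \t] rather than \s so a
# match never spans a line break and the reported line number stays correct.
USES_RE = re.compile(r'^[ \t]*(?:-[ \t]+)?uses:[ \t]*["\']?([^"\'\s#]+)', re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(?:\.\d+)*$")


@dataclass
class Finding:
    line: int
    uses: str
    repo: str       # owner/name with any sub-path stripped; raw value for local/docker
    ref: str        # text after the last '@' ('' when absent)
    kind: str       # sha, short-sha, tag, branch, unpinned, local, docker, docker-digest
    pinned: bool    # True only for a full 40-hex SHA or a docker image digest
    incident: bool  # an INCIDENT_ACTIONS repo that is not pinned


def classify(uses: str, line: int = 0) -> Finding:
    if uses.startswith("./"):
        return Finding(line, uses, uses, "", "local", True, False)
    if uses.startswith("docker://"):
        digest = "@sha256:" in uses
        return Finding(line, uses, uses, "", "docker-digest" if digest else "docker", digest, False)
    target, sep, ref = uses.rpartition("@")
    if not sep:                      # no '@': resolves to the default branch at run time
        target, ref, kind = uses, "", "unpinned"
    elif FULL_SHA_RE.match(ref):
        kind = "sha"
    elif SHORT_SHA_RE.match(ref):    # a branch or tag made only of hex digits lands here too
        kind = "short-sha"
    elif VERSION_TAG_RE.match(ref):
        kind = "tag"
    else:
        kind = "branch"
    repo = "/".join(target.split("/")[:2])
    pinned = kind == "sha"
    return Finding(line, uses, repo, ref, kind, pinned, not pinned and repo in INCIDENT_ACTIONS)


def audit_workflow(text: str) -> list:
    """Every `uses:` reference in one workflow file, in document order."""
    return [classify(m.group(1), text.count("\n", 0, m.start()) + 1)
            for m in USES_RE.finditer(text)]


def audit_tree(root: Path) -> dict:
    """All workflows under .github/workflows of a checkout, keyed by file name."""
    return {p.name: audit_workflow(p.read_text())
            for p in sorted(Path(root).glob(".github/workflows/*.y*ml"))}


# Constructed workflow for the example; the checkout SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: aquasecurity/trivy-action@0.34.2
        with:
          scan-type: fs
      - uses: xygeni/xygeni-action@v5
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
  build:
    uses: example-org/shared-workflows/.github/workflows/build.yml@main
"""

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_WORKFLOW
    for f in audit_workflow(text):
        if not f.pinned:
            note = "  <-- named in an advisory" if f.incident else ""
            print(f"line {f.line}: {f.uses}  [{f.kind}]{note}")
```

Run it against a workflow path, or with no argument to see the sample: the two advisory actions and the `@main` reusable workflow come out flagged, the SHA-pinned checkout does not. A SHA pin only helps if the SHA was reviewed when it was written down, so pair this with a comment recording the tag it corresponds to and a bot that bumps pins through pull requests.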

CVE-2026-34424 (GCVE-0-2026-34424)

Vulnerability from cvelistv5 – Published: 2026-04-09 22:59 – Updated: 2026-05-14 16:05 X_Known Exploited Vulnerability
Title
Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit
Summary
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.
CWE
  • CWE-506 - Embedded Malicious Code
Assigner
Impacted products
Vendor Product Version
Nextendweb Smart Slider 3 Pro for WordPress Affected: 3.5.1.35 (custom)
Unaffected: 0 , ≤ 3.5.1.34 (custom)
Unaffected: 3.5.1.36 (custom)
Nextendweb Smart Slider 3 Pro for Joomla Affected: 3.5.1.35 (custom)
Unaffected: 0 , ≤ 3.5.1.34 (custom)
Unaffected: 3.5.1.36 (custom)
Date Public
2026-04-07 00:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T03:13:27.950946Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T16:05:59.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Smart Slider 3 Pro for WordPress",
          "vendor": "Nextendweb",
          "versions": [
            {
              "status": "affected",
              "version": "3.5.1.35",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.5.1.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.5.1.36",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Smart Slider 3 Pro for Joomla",
          "vendor": "Nextendweb",
          "versions": [
            {
              "status": "affected",
              "version": "3.5.1.35",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.5.1.34",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.5.1.36",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.35:*:*:*:*:wordpress:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.35:*:*:*:*:joomla:*:*",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T23:11:46.623Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-slider-3-pro-3-5-1-35-compromise"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://smartslider.helpscoutdocs.com/article/2143-joomla-security-advisory-smart-slider-3-pro-3-5-1-35-compromise"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/nextend-smart-slider3-pro/vulnerability/wordpress-smart-slider-3-plugin-3-5-1-35-backdoor-vulnerability"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://patchstack.com/articles/critical-supply-chain-compromise-in-smart-slider-3-pro-full-malware-analysis/"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://mysites.guru/blog/smart-slider-3-pro-supply-chain-compromise/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-34424",
    "datePublished": "2026-04-09T22:59:38.306Z",
    "dateReserved": "2026-03-27T15:24:06.752Z",
    "dateUpdated": "2026-05-14T16:05:59.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
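
The Smart Slider 3 Pro record lists three places a compromised update can leave something behind: the plugin's own files, `wp-content/mu-plugins` (loaded on every request, with no activation step), and core file modifications. The script below is an added example (not tooling from Nextendweb, Patchstack or WordPress) of the triage a responder would run against a site: hash the installed plugin against a manifest taken from a clean release, list mu-plugins that are not on an allowlist, and flag PHP that moves a request header into a code-execution function. That last check is an assumed heuristic for the "pre-authentication shell via HTTP headers" behaviour the record describes, not a signature from the advisory. The sample site, including its clean release and its tampered files, is constructed in a temporary directory.

```python
"""Integrity triage for a WordPress site after a plugin update you no longer trust."""
import hashlib
import re
import tempfile
from pathlib import Path

HEADER_RE = re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_[A-Z0-9_]+['\"]\s*\]")
EXEC_RE = re.compile(r"\b(?:eval|assert|system|exec|shell_exec|passthru|proc_open|popen)\s*\(")


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def manifest_of(files: dict) -> dict:
    """relative path -> sha256 for a clean release given as {path: contents}."""
    return {rel: hashlib.sha256(body.encode()).hexdigest() for rel, body in files.items()}


def compare_manifest(plugin_dir: Path, manifest: dict) -> dict:
    present = {p.relative_to(plugin_dir).as_posix(): sha256_file(p)
               for p in plugin_dir.rglob("*") if p.is_file()}
    return {
        "modified": sorted(r for r, h in present.items() if r in manifest and manifest[r] != h),
        "added": sorted(r for r in present if r not in manifest),
        "missing": sorted(r for r in manifest if r not in present),
    }


def unexpected_mu_plugins(wp_content: Path, allowlist: set) -> list:
    mu = wp_content / "mu-plugins"
    return sorted(p.name for p in mu.glob("*.php") if p.name not in allowlist) if mu.is_dir() else []


def header_feeds_exec(src: str, window: int = 300) -> bool:
    """A request-header read within `window` bytes of an exec/eval call, in either order."""
    exec_at = [m.start() for m in EXEC_RE.finditer(src)]
    return any(abs(h.start() - e) <= window for h in HEADER_RE.finditer(src) for e in exec_at)


def header_exec_hits(root: Path) -> list:
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.php")
                  if header_feeds_exec(p.read_text(errors="replace")))


def triage(root: Path, plugin_rel: str, manifest: dict, mu_allowlist: set) -> dict:
    return {
        "plugin": compare_manifest(root / plugin_rel, manifest),
        "mu_plugins": unexpected_mu_plugins(root / "wp-content", mu_allowlist),
        "header_exec": header_exec_hits(root),
    }


# Constructed stand-in for a clean release; these are not Smart Slider's real sources.
CLEAN_RELEASE = {
    "smart-slider-3-pro.php": "<?php\n/* Plugin Name: Smart Slider 3 Pro (example stand-in) */\n",
    "library/loader.php": "<?php\nrequire __DIR__ . '/core.php';\n",
    "library/core.php": "<?php\nfunction ss3_example() { return 1; }\n",
}
PLUGIN_REL = "wp-content/plugins/smart-slider-3-pro"
MU_ALLOWLIST = {"site-policy.php"}


def build_sample_site() -> Path:
    """Clean release plus three constructed tamperings: an edited file, an extra file, a dropped-in mu-plugin."""
    root = Path(tempfile.mkdtemp(prefix="wp-triage-"))
    plugin = root / PLUGIN_REL
    for rel, body in CLEAN_RELEASE.items():
        (plugin / rel).parent.mkdir(parents=True, exist_ok=True)
        (plugin / rel).write_text(body)
    (plugin / "library/loader.php").write_text(
        "<?php\nrequire __DIR__ . '/core.php';\n"
        "if (isset($_SERVER['HTTP_X_EXAMPLE'])) { eval(base64_decode($_SERVER['HTTP_X_EXAMPLE'])); }\n")
    (plugin / "library/inc.php").write_text("<?php\n// not part of the release manifest\n")
    mu = root / "wp-content/mu-plugins"
    mu.mkdir(parents=True)
    (mu / "cache-helper.php").write_text("<?php\nsystem($_SERVER['HTTP_X_EXAMPLE_CMD']);\n")
    (mu / "site-policy.php").write_text("<?php\n// legitimate, allow-listed mu-plugin\n")
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for section, result in triage(site, PLUGIN_REL, manifest_of(CLEAN_RELEASE), MU_ALLOWLIST).items():
        print(section, result)
```

For a premium plugin the manifest has to come from a fresh download of the known-good version (3.5.1.36 here), since it is not on the wordpress.org checksum service; for WordPress core itself, `wp core verify-checksums` does the same comparison against the official release. Treat every hit as a lead for manual review rather than a verdict, and remember that the record also lists hidden administrator accounts, which this filesystem pass cannot see.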

CVE-2026-34841 (GCVE-0-2026-34841)

Vulnerability from cvelistv5 – Published: 2026-04-06 16:08 – Updated: 2026-04-08 03:55
Title
Axios npm Supply Chain Incident Impacting @usebruno/cli
Summary
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1.
CWE
  • CWE-494 - Download of Code Without Integrity Check
  • CWE-506 - Embedded Malicious Code
Assigner
Impacted products
Vendor Product Version
usebruno bruno Affected: < 3.2.1

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34841",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T03:55:33.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bruno",
          "vendor": "usebruno",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-494",
              "description": "CWE-494: Download of Code Without Integrity Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-06T16:08:08.198Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/usebruno/bruno/security/advisories/GHSA-658g-p7jg-wx5g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/usebruno/bruno/security/advisories/GHSA-658g-p7jg-wx5g"
        },
        {
          "name": "https://github.com/axios/axios/issues/10604",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/issues/10604"
        },
        {
          "name": "https://github.com/usebruno/bruno/pull/7632",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/usebruno/bruno/pull/7632"
        },
        {
          "name": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat"
        }
      ],
      "source": {
        "advisory": "GHSA-658g-p7jg-wx5g",
        "discovery": "UNKNOWN"
      },
      "title": "Axios npm Supply Chain Incident Impacting @usebruno/cli"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34841",
    "datePublished": "2026-04-06T16:08:08.198Z",
    "dateReserved": "2026-03-30T20:52:53.285Z",
    "dateUpdated": "2026-04-08T03:55:33.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
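
The Bruno record turns on a detail worth making concrete: the compromised axios release did not just change its own code, it introduced a hidden dependency, and a package published through the normal registry path passes the usual URL and integrity checks. The script below is an added example (not Bruno's or axios's tooling) that compares two `package-lock.json` snapshots, lists packages that appeared, disappeared or changed version, and, separately, the new parent-to-child dependency edges, which is the signal that catches a quietly added dependency. It also flags entries with an off-registry source, a missing sha512 integrity hash, or an install script. The two lockfiles are constructed inline; the axios versions and the `hypothetical-helper` package are placeholders standing in for a compromised release and the dependency it pulled in, not the real names or versions from the incident.

```python
"""Compare two package-lock.json snapshots and flag dependencies that appeared between them."""
import json
import sys


def packages(lock: dict) -> dict:
    """Every entry of a lockfileVersion 2/3 `packages` map except the root project ('')."""
    return {path: meta for path, meta in lock.get("packages", {}).items() if path}


def name_of(path: str) -> str:
    return path.rsplit("node_modules/", 1)[-1]


def diff_lockfiles(before: dict, after: dict) -> dict:
    b, a = packages(before), packages(after)
    return {
        "added": sorted(p for p in a if p not in b),
        "removed": sorted(p for p in b if p not in a),
        "changed": sorted(p for p in a if p in b and a[p].get("version") != b[p].get("version")),
    }


def new_dependency_edges(before: dict, after: dict) -> list:
    """(parent, child) pairs where a package now depends on something it did not before."""
    b, a = packages(before), packages(after)
    edges = []
    for path, meta in a.items():
        old = b.get(path, {}).get("dependencies", {})
        edges += [(name_of(path), dep) for dep in meta.get("dependencies", {}) if dep not in old]
    return sorted(edges)


def suspicious_entries(lock: dict, registry: str = "https://registry.npmjs.org/") -> list:
    """Entries worth a manual look: off-registry source, no sha512 integrity, or an install script."""
    out = []
    for path, meta in packages(lock).items():
        if meta.get("link"):            # workspace symlink, no tarball to check
            continue
        reasons = []
        if not meta.get("resolved", "").startswith(registry):
            reasons.append("off-registry resolved URL")
        if not meta.get("integrity", "").startswith("sha512-"):
            reasons.append("missing or weak integrity hash")
        if meta.get("hasInstallScript"):
            reasons.append("install script")
        if reasons:
            out.append((path, reasons))
    return out


def _entry(name, version, deps=None, **extra):
    """Build a registry-shaped lockfile entry for the constructed samples."""
    meta = {"version": version,
            "resolved": f"https://registry.npmjs.org/{name}/-/{name}-{version}.tgz",
            "integrity": f"sha512-placeholder-{name}-{version}"}
    if deps:
        meta["dependencies"] = deps
    meta.update(extra)
    return meta


# Constructed lockfiles: versions 9.x and 'hypothetical-helper' are placeholders, not real releases.
LOCK_BEFORE = {"name": "app", "lockfileVersion": 3, "packages": {
    "": {"name": "app", "dependencies": {"axios": "^9.0.0"}},
    "node_modules/axios": _entry("axios", "9.0.0", {"follow-redirects": "^1.15.6"}),
    "node_modules/follow-redirects": _entry("follow-redirects", "1.15.9"),
}}
LOCK_AFTER = json.loads(json.dumps(LOCK_BEFORE))      # deep copy, then apply the suspicious change
LOCK_AFTER["packages"]["node_modules/axios"] = _entry(
    "axios", "9.0.1", {"follow-redirects": "^1.15.6", "hypothetical-helper": "^1.0.0"})
LOCK_AFTER["packages"]["node_modules/hypothetical-helper"] = _entry(
    "hypothetical-helper", "1.0.0", hasInstallScript=True)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        before, after = (json.load(open(p)) for p in sys.argv[1:3])
    else:
        before, after = LOCK_BEFORE, LOCK_AFTER
    print(json.dumps({"diff": diff_lockfiles(before, after),
                      "new_edges": new_dependency_edges(before, after),
                      "suspicious": suspicious_entries(after)}, indent=2))
```

Run with two lockfile paths, or with none to see the sample. In the sample the helper package resolves to the public registry with a well-formed integrity hash, so only the new edge and the install script give it away; during an investigation, install with `npm ci --ignore-scripts` so that a lockfile you are still examining cannot execute anything.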

CVE-2026-44484 (GCVE-0-2026-44484)

Vulnerability from cvelistv5 – Published: 2026-05-14 14:59 – Updated: 2026-05-15 16:10
Title
Compromise of PyTorch Lightning PyPi Package Versions
Summary
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.3 introduced functionality consistent with a credential harvesting mechanism.
CWE
  • CWE-506 - Embedded Malicious Code
Assigner
References
Impacted products
Vendor Product Version
Lightning-AI pytorch-lightning Affected: 2.6.2
Affected: 2.6.3

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T16:09:05.590623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T16:10:36.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pytorch-lightning",
          "vendor": "Lightning-AI",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.2"
            },
            {
              "status": "affected",
              "version": "2.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T14:59:03.933Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3"
        }
      ],
      "source": {
        "advisory": "GHSA-w37p-236h-pfx3",
        "discovery": "UNKNOWN"
      },
      "title": "Compromise of PyTorch Lightning PyPi Package Versions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44484",
    "datePublished": "2026-05-14T14:59:03.933Z",
    "dateReserved": "2026-05-06T17:18:51.783Z",
    "dateUpdated": "2026-05-15T16:10:36.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45321 (GCVE-0-2026-45321)

Vulnerability from cvelistv5 – Published: 2026-05-12 00:12 – Updated: 2026-05-28 03:55
Title
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
CWE
  • CWE-506 - Embedded Malicious Code
Assigner: GitHub_M
Impacted products
Vendor     Product                         Affected versions
@tanstack  arktype-adapter                 1.166.12, 1.166.15
@tanstack  eslint-plugin-router            1.161.9, 1.161.12
@tanstack  eslint-plugin-start             0.0.4, 0.0.7
@tanstack  history                         1.161.9, 1.161.12
@tanstack  nitro-v2-vite-plugin            1.154.12, 1.154.15
@tanstack  react-router                    1.169.5, 1.169.8
@tanstack  react-router-devtools           1.166.16, 1.166.19
@tanstack  react-router-ssr-query          1.166.15, 1.166.18
@tanstack  react-start                     1.167.68, 1.167.71
@tanstack  react-start-client              1.166.51, 1.166.54
@tanstack  react-start-rsc                 0.0.47, 0.0.50
@tanstack  react-start-server              1.166.55, 1.166.58
@tanstack  router-cli                      1.166.46, 1.166.49
@tanstack  router-core                     1.169.5, 1.169.8
@tanstack  router-devtools                 1.166.16, 1.166.19
@tanstack  router-devtools-core            1.167.6, 1.167.9
@tanstack  router-generator                1.166.45, 1.166.48
@tanstack  router-plugin                   1.167.38, 1.167.41
@tanstack  router-ssr-query-core           1.168.3, 1.168.6
@tanstack  router-utils                    1.161.11, 1.161.14
@tanstack  outer-vite-plugin               1.166.53, 1.166.56
@tanstack  solid-router                    1.169.5, 1.169.8
@tanstack  solid-router-devtools           1.166.16, 1.166.19
@tanstack  solid-router-ssr-query          1.166.15, 1.166.18
@tanstack  solid-start                     1.167.65, 1.167.68
@tanstack  solid-start-client              1.166.50, 1.166.53
@tanstack  solid-start-server              1.166.54, 1.166.57
@tanstack  start-client-core               1.168.5, 1.168.8
@tanstack  start-fn-stubs                  1.161.9, 1.161.12
@tanstack  start-plugin-core               1.169.23, 1.169.26
@tanstack  start-server-core               1.167.33, 1.167.36
@tanstack  start-static-server-functions   1.166.44, 1.166.47
@tanstack  start-storage-context           1.166.38, 1.166.41
@tanstack  valibot-adapter                 1.166.12, 1.166.15
@tanstack  virtual-file-routes             1.161.10, 1.161.13
@tanstack  vue-router                      1.169.5, 1.169.8
@tanstack  vue-router-devtools             1.166.16, 1.166.19
@tanstack  vue-router-ssr-query            1.166.15, 1.166.18
@tanstack  vue-start                       1.167.61, 1.167.64
@tanstack  vue-start-client                1.166.46, 1.166.49
@tanstack  vue-start-server                1.166.50, 1.166.53
@tanstack  zod-adapter                     1.166.12, 1.166.15
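
The summary above names three chained weaknesses in the publishing pipeline rather than a bug in the packages themselves. The script below is an added illustration, not code from TanStack, from the advisory or from GitHub: a heuristic linter over GitHub Actions workflow text that flags the shape that makes the first link possible (a pull_request_target trigger combined with a checkout of the pull request head) together with the cache and id-token settings that the second and third links depend on. Both workflow texts are constructed fixtures; the real TanStack/router workflow is not reproduced here, and the statement about cache scope in the comments is an assumption about GitHub Actions behaviour, not something the record asserts.

```javascript
'use strict';

// Added example: regex heuristics over comment-stripped workflow YAML.
// Comment lines are dropped first so a commented-out trigger does not fire.
function stripComments(yamlText) {
  return yamlText.split('\n').filter((line) => !/^\s*#/.test(line)).join('\n');
}

// The PR head can be checked out by sha, by ref, via github.head_ref, or as
// refs/pull/N/{head,merge}; any of these runs fork-controlled code.
const CHECKOUT_HEAD_RE =
  /ref:\s*['"]?(?:\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)\s*\}\}|refs\/pull\/\$\{\{[^}]*\}\}\/(?:head|merge))/;
// actions/cache (and its restore/save variants) or the cache: input of setup-* actions.
const CACHE_RE =
  /(?:uses:\s*actions\/cache(?:\/(?:restore|save))?@|^\s*cache:\s*['"]?(?:npm|pnpm|yarn|pip|maven|gradle|poetry))/m;
const ID_TOKEN_RE = /^\s*id-token:\s*write\b/m;
const PRT_RE = /\bpull_request_target\b/;

const CHECKS = [
  {
    id: 'PWN_REQUEST',
    detail: 'pull_request_target trigger plus checkout of the PR head: fork-controlled code runs with the base repository secrets',
    hit: (t) => PRT_RE.test(t) && CHECKOUT_HEAD_RE.test(t),
  },
  {
    id: 'CACHE_FROM_FORK_INPUT',
    // Assumption: a pull_request_target job runs in the base branch context, so
    // cache entries it writes are restorable by later trusted base-branch jobs.
    detail: 'cache save/restore in a pull_request_target job: entries written here are scoped to the base branch and restored by trusted jobs later',
    hit: (t) => PRT_RE.test(t) && CACHE_RE.test(t),
  },
  {
    id: 'OIDC_TOKEN_IN_PR_JOB',
    detail: 'id-token: write in a pull_request_target workflow: an OIDC token is minted for a job that may execute fork-controlled code',
    hit: (t) => PRT_RE.test(t) && ID_TOKEN_RE.test(t),
  },
];

// Returns the list of findings ({id, detail}) for one workflow file's text.
function lintWorkflow(yamlText) {
  const text = stripComments(yamlText);
  return CHECKS.filter((c) => c.hit(text)).map((c) => ({ id: c.id, detail: c.detail }));
}

// Constructed fixture: the vulnerable shape (not the real TanStack workflow).
const VULNERABLE = `
name: pr-checks
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
  id-token: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: \${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@v4
        with:
          cache: npm
      - run: npm ci && npm test
`;

// Constructed fixture: the same job on the plain pull_request trigger, which
// gives fork PRs a read-only GITHUB_TOKEN, no secrets and no OIDC token.
const HARDENED = `
name: pr-checks
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          cache: npm
      - run: npm ci && npm test
`;

// Usage: node lint-workflows.js .github/workflows/*.yml
for (const file of process.argv.slice(2)) {
  const findings = lintWorkflow(require('node:fs').readFileSync(file, 'utf8'));
  for (const f of findings) console.log(`${file}: ${f.id}: ${f.detail}`);
  if (findings.length) process.exitCode = 1;
}
```

The linter is intentionally coarse: it reports the dangerous combination, not whether the checked-out code is actually executed, so every hit still needs a human read of the job. The fix the HARDENED fixture shows is the simplest one, running untrusted PR code only under pull_request; where a workflow genuinely needs base-repo secrets for PRs, split it so the privileged job never checks out or builds the PR head and never writes a cache that a trusted job restores.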

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45321",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-05-27",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T03:55:26.991Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-27T00:00:00.000Z",
            "value": "CVE-2026-45321 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "arktype-adapter",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.12"
            },
            {
              "status": "affected",
              "version": "1.166.15"
            }
          ]
        },
        {
          "product": "eslint-plugin-router",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.161.9"
            },
            {
              "status": "affected",
              "version": "1.161.12"
            }
          ]
        },
        {
          "product": "eslint-plugin-start",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.4"
            },
            {
              "status": "affected",
              "version": "0.0.7"
            }
          ]
        },
        {
          "product": "history",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.161.9"
            },
            {
              "status": "affected",
              "version": "1.161.12"
            }
          ]
        },
        {
          "product": "nitro-v2-vite-plugin",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.154.12"
            },
            {
              "status": "affected",
              "version": "1.154.15"
            }
          ]
        },
        {
          "product": "react-router",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.169.5"
            },
            {
              "status": "affected",
              "version": "1.169.8"
            }
          ]
        },
        {
          "product": "react-router-devtools",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.16"
            },
            {
              "status": "affected",
              "version": "1.166.19"
            }
          ]
        },
        {
          "product": "react-router-ssr-query",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.15"
            },
            {
              "status": "affected",
              "version": "1.166.18"
            }
          ]
        },
        {
          "product": "react-start",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.68"
            },
            {
              "status": "affected",
              "version": "1.167.71"
            }
          ]
        },
        {
          "product": "react-start-client",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.51"
            },
            {
              "status": "affected",
              "version": "1.166.54"
            }
          ]
        },
        {
          "product": "react-start-rsc",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "0.0.47"
            },
            {
              "status": "affected",
              "version": "0.0.50"
            }
          ]
        },
        {
          "product": "react-start-server",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.55"
            },
            {
              "status": "affected",
              "version": "1.166.58"
            }
          ]
        },
        {
          "product": "router-cli",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.46"
            },
            {
              "status": "affected",
              "version": "1.166.49"
            }
          ]
        },
        {
          "product": "router-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.169.5"
            },
            {
              "status": "affected",
              "version": "1.169.8"
            }
          ]
        },
        {
          "product": "router-devtools",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.16"
            },
            {
              "status": "affected",
              "version": "1.166.19"
            }
          ]
        },
        {
          "product": "router-devtools-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.6"
            },
            {
              "status": "affected",
              "version": "1.167.9"
            }
          ]
        },
        {
          "product": "router-generator",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.45"
            },
            {
              "status": "affected",
              "version": "1.166.48"
            }
          ]
        },
        {
          "product": "router-plugin",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.38"
            },
            {
              "status": "affected",
              "version": "1.167.41"
            }
          ]
        },
        {
          "product": "router-ssr-query-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.168.3"
            },
            {
              "status": "affected",
              "version": "1.168.6"
            }
          ]
        },
        {
          "product": "router-utils",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.161.11"
            },
            {
              "status": "affected",
              "version": "1.161.14"
            }
          ]
        },
        {
          "product": "outer-vite-plugin",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.53"
            },
            {
              "status": "affected",
              "version": "1.166.56"
            }
          ]
        },
        {
          "product": "solid-router",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.169.5"
            },
            {
              "status": "affected",
              "version": "1.169.8"
            }
          ]
        },
        {
          "product": "solid-router-devtools",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.16"
            },
            {
              "status": "affected",
              "version": "1.166.19"
            }
          ]
        },
        {
          "product": "solid-router-ssr-query",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.15"
            },
            {
              "status": "affected",
              "version": "1.166.18"
            }
          ]
        },
        {
          "product": "solid-start",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.65"
            },
            {
              "status": "affected",
              "version": "1.167.68"
            }
          ]
        },
        {
          "product": "solid-start-client",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.50"
            },
            {
              "status": "affected",
              "version": "1.166.53"
            }
          ]
        },
        {
          "product": "solid-start-server",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.54"
            },
            {
              "status": "affected",
              "version": "1.166.57"
            }
          ]
        },
        {
          "product": "start-client-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.168.5"
            },
            {
              "status": "affected",
              "version": "1.168.8"
            }
          ]
        },
        {
          "product": "start-fn-stubs",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.161.9"
            },
            {
              "status": "affected",
              "version": "1.161.12"
            }
          ]
        },
        {
          "product": "start-plugin-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.169.23"
            },
            {
              "status": "affected",
              "version": "1.169.26"
            }
          ]
        },
        {
          "product": "start-server-core",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.33"
            },
            {
              "status": "affected",
              "version": "1.167.36"
            }
          ]
        },
        {
          "product": "start-static-server-functions",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.44"
            },
            {
              "status": "affected",
              "version": "1.166.47"
            }
          ]
        },
        {
          "product": "start-storage-context",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.38"
            },
            {
              "status": "affected",
              "version": "1.166.41"
            }
          ]
        },
        {
          "product": "valibot-adapter",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.12"
            },
            {
              "status": "affected",
              "version": "1.166.15"
            }
          ]
        },
        {
          "product": "virtual-file-routes",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.161.10"
            },
            {
              "status": "affected",
              "version": "1.161.13"
            }
          ]
        },
        {
          "product": "vue-router",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.169.5"
            },
            {
              "status": "affected",
              "version": "1.169.8"
            }
          ]
        },
        {
          "product": "vue-router-devtools",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.16"
            },
            {
              "status": "affected",
              "version": "1.166.19"
            }
          ]
        },
        {
          "product": "vue-router-ssr-query",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.15"
            },
            {
              "status": "affected",
              "version": "1.166.18"
            }
          ]
        },
        {
          "product": "vue-start",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.167.61"
            },
            {
              "status": "affected",
              "version": "1.167.64"
            }
          ]
        },
        {
          "product": "vue-start-client",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.46"
            },
            {
              "status": "affected",
              "version": "1.166.49"
            }
          ]
        },
        {
          "product": "vue-start-server",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.50"
            },
            {
              "status": "affected",
              "version": "1.166.53"
            }
          ]
        },
        {
          "product": "zod-adapter",
          "vendor": "@tanstack",
          "versions": [
            {
              "status": "affected",
              "version": "1.166.12"
            },
            {
              "status": "affected",
              "version": "1.166.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-506",
              "description": "CWE-506: Embedded Malicious Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T15:16:17.354Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx"
        },
        {
          "name": "https://github.com/TanStack/router/issues/7383",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TanStack/router/issues/7383"
        },
        {
          "name": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem"
        },
        {
          "name": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
        }
      ],
      "source": {
        "advisory": "GHSA-g7cv-rxg3-hmpx",
        "discovery": "UNKNOWN"
      },
      "title": "Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45321",
    "datePublished": "2026-05-12T00:12:35.452Z",
    "dateReserved": "2026-05-11T20:50:30.539Z",
    "dateUpdated": "2026-05-28T03:55:26.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
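
The first question a consumer of these packages has is whether any of the 84 versions is in their dependency tree. The script below is an added example, not part of the CVE record and not TanStack tooling: it reads an npm package-lock.json (lockfileVersion 1, 2 or 3) and matches every installed @tanstack/* package, including nested copies, against the version list in the record. Package names and versions are copied from the record as printed, including outer-vite-plugin under the name the record uses; the two sample lockfiles are constructed. Yarn and pnpm lockfiles have different layouts and are not handled.

```javascript
'use strict';

// Affected @tanstack/* versions, copied from the CVE-2026-45321 record as
// printed (two per package; "outer-vite-plugin" is the name the record uses).
const AFFECTED = {
  'arktype-adapter': ['1.166.12', '1.166.15'],
  'eslint-plugin-router': ['1.161.9', '1.161.12'],
  'eslint-plugin-start': ['0.0.4', '0.0.7'],
  'history': ['1.161.9', '1.161.12'],
  'nitro-v2-vite-plugin': ['1.154.12', '1.154.15'],
  'react-router': ['1.169.5', '1.169.8'],
  'react-router-devtools': ['1.166.16', '1.166.19'],
  'react-router-ssr-query': ['1.166.15', '1.166.18'],
  'react-start': ['1.167.68', '1.167.71'],
  'react-start-client': ['1.166.51', '1.166.54'],
  'react-start-rsc': ['0.0.47', '0.0.50'],
  'react-start-server': ['1.166.55', '1.166.58'],
  'router-cli': ['1.166.46', '1.166.49'],
  'router-core': ['1.169.5', '1.169.8'],
  'router-devtools': ['1.166.16', '1.166.19'],
  'router-devtools-core': ['1.167.6', '1.167.9'],
  'router-generator': ['1.166.45', '1.166.48'],
  'router-plugin': ['1.167.38', '1.167.41'],
  'router-ssr-query-core': ['1.168.3', '1.168.6'],
  'router-utils': ['1.161.11', '1.161.14'],
  'outer-vite-plugin': ['1.166.53', '1.166.56'],
  'solid-router': ['1.169.5', '1.169.8'],
  'solid-router-devtools': ['1.166.16', '1.166.19'],
  'solid-router-ssr-query': ['1.166.15', '1.166.18'],
  'solid-start': ['1.167.65', '1.167.68'],
  'solid-start-client': ['1.166.50', '1.166.53'],
  'solid-start-server': ['1.166.54', '1.166.57'],
  'start-client-core': ['1.168.5', '1.168.8'],
  'start-fn-stubs': ['1.161.9', '1.161.12'],
  'start-plugin-core': ['1.169.23', '1.169.26'],
  'start-server-core': ['1.167.33', '1.167.36'],
  'start-static-server-functions': ['1.166.44', '1.166.47'],
  'start-storage-context': ['1.166.38', '1.166.41'],
  'valibot-adapter': ['1.166.12', '1.166.15'],
  'virtual-file-routes': ['1.161.10', '1.161.13'],
  'vue-router': ['1.169.5', '1.169.8'],
  'vue-router-devtools': ['1.166.16', '1.166.19'],
  'vue-router-ssr-query': ['1.166.15', '1.166.18'],
  'vue-start': ['1.167.61', '1.167.64'],
  'vue-start-client': ['1.166.46', '1.166.49'],
  'vue-start-server': ['1.166.50', '1.166.53'],
  'zod-adapter': ['1.166.12', '1.166.15'],
};

// Yield {name, version, path} for every installed package. lockfileVersion 2/3
// carry a flat "packages" map keyed by install path; version 1 only has the
// nested "dependencies" tree, which is walked recursively.
function* installedPackages(lock) {
  if (lock.packages) {
    for (const [p, entry] of Object.entries(lock.packages)) {
      if (p === '') continue; // the root project itself
      const i = p.lastIndexOf('node_modules/');
      const name = entry.name || (i >= 0 ? p.slice(i + 'node_modules/'.length) : p);
      yield { name, version: entry.version, path: p };
    }
    return;
  }
  function* walk(deps, prefix) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const p = `${prefix}node_modules/${name}`;
      yield { name, version: entry.version, path: p };
      yield* walk(entry.dependencies, `${p}/`); // nested (non-hoisted) installs
    }
  }
  yield* walk(lock.dependencies, '');
}

// Every installed @tanstack/* package whose exact version is on the list.
function findCompromised(lock) {
  const hits = [];
  for (const pkg of installedPackages(lock)) {
    if (typeof pkg.name !== 'string' || !pkg.name.startsWith('@tanstack/')) continue;
    const bad = AFFECTED[pkg.name.slice('@tanstack/'.length)];
    if (bad && bad.includes(pkg.version)) hits.push(pkg);
  }
  return hits;
}

// Constructed sample lockfiles (not from any real project), one per layout.
const SAMPLE_LOCK_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'example-app', version: '1.0.0' },
  'node_modules/@tanstack/react-router': { version: '1.169.8' },   // listed
  'node_modules/@tanstack/router-core': { version: '1.169.4' },    // not listed
  'node_modules/some-lib': { version: '2.0.0' },
  'node_modules/some-lib/node_modules/@tanstack/history': { version: '1.161.12' }, // nested, listed
} };
const SAMPLE_LOCK_V1 = { lockfileVersion: 1, dependencies: {
  '@tanstack/zod-adapter': { version: '1.166.12',
    dependencies: { '@tanstack/router-core': { version: '1.169.5' } } },
} };

// Usage: node scan-tanstack.js path/to/package-lock.json [more lockfiles...]
for (const file of process.argv.slice(2)) {
  const hits = findCompromised(JSON.parse(require('node:fs').readFileSync(file, 'utf8')));
  for (const h of hits) console.log(`${file}: COMPROMISED ${h.name}@${h.version} (${h.path})`);
  if (hits.length) process.exitCode = 1;
}
```

A hit means the affected version is pinned and must be bumped; a clean lockfile is necessary but not sufficient, because it says nothing about what is already sitting in node_modules, in the package manager's cache, or in a private registry mirror, and the scan matches exact versions only, so a range in package.json that could still resolve to a listed version is not caught.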

Mitigation

Phases: Implementation, Operation

Description:

  • Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.

CAPEC-442: Infected Software

An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.

CAPEC-448: Embed Virus into DLL

An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.

CAPEC-636: Hiding Malicious Data or Code within Files

Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.
