Skip to main content

CWE-506

Embedded Malicious Code

34 CVEs Avg CVSS 8.8 MITRE
16
CRITICAL
14
HIGH
2
MEDIUM
1
LOW
9
POC
7
KEV

Monthly

CVE-2026-48027 CRITICAL POC KEV THREAT CISA Emergency

Embedded malicious code in Nx Console (the editor extension for Nx and Lerna) version 18.95.0 turned a trusted developer tool into a trojan during a brief publish window on 19 May 2026. The poisoned build was live on the Visual Studio Marketplace for roughly 18 minutes (12:30-12:48 UTC) and on OpenVSX for roughly 36 minutes (12:33-13:09 UTC); any developer who installed or auto-updated during those windows executed attacker-controlled code inside their IDE, tagged here as information disclosure. It is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, with CISA SSVC rating exploitation as active, automatable, and total technical impact; the clean release 18.100.0 is the fix.

Information Disclosure Nx Console
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
26.8%
Threat
4.9
CVE-2026-46421 npm CRITICAL PATCH GHSA MAL Act Now

Supply-chain compromise of SAP's Cloud Application Programming (CAP) Node.js database packages, where trojanized versions @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, and @cap-js/db-service@2.10.1 were published to npm on April 29, 2026, harvesting all local credentials (npm tokens, cloud keys, SSH keys, GitHub PATs) and attempting worm-like self-propagation. Any developer or CI pipeline that installed these versions must treat every credential on the affected machine as compromised. Rated CVSS 4.0 9.3 (Critical); EPSS is low (0.03%) and it is not in CISA KEV, but the malicious code was itself actively distributed via npm — a 'mini Shai-Hulud' style attack.

Node.js PostgreSQL Information Disclosure
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-46412 npm CRITICAL GHSA MAL Act Now

Supply-chain compromise of the npm package @beproduct/nestjs-auth (versions 0.1.2 through 0.1.19) delivered the Mini Shai-Hulud worm payload via a malicious postinstall script, harvesting npm, GitHub, AWS, and HashiCorp Vault credentials from any developer or CI host that ran npm install during a 2h37m publication window on 2026-05-11. Confirmed actively exploited during that window via an attacker-controlled npm publish token; clean version 0.1.20 republishes the original 0.1.1 source tree. CVSS 10.0 reflects the unauthenticated, network-driven supply-chain delivery and scope change into the install environment.

Node.js Information Disclosure Hashicorp
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-45758 PyPI CRITICAL GHSA MAL Act Now

Supply chain compromise in the guardrails-ai Python package allows attackers to execute embedded malicious code on any developer or production host that installed version 0.10.1 from PyPI on May 11, 2026. The malicious release was live for roughly two hours before PyPI quarantined it, and the vendor reports no observed callbacks to Guardrails AI infrastructure, but any system that pulled 0.10.1 should be treated as compromised. No public exploit identified at time of analysis as a separate artifact - the package itself is the exploit, and exploitation requires user interaction (the install action) per the CVSS UI:R designation.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-8398 CRITICAL POC KEV PATCH THREAT Act Now

Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window.

Authentication Bypass Microsoft
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
Threat
4.9
CVE-2026-45321 npm CRITICAL POC KEV PATCH THREAT GHSA MAL Act Now

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actions exploitation. Attackers combined pull_request_target misconfiguration, Actions cache poisoning, and OIDC token memory extraction to publish malicious code under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing victim-maintained packages with identical injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).

Kubernetes Node.js Hashicorp Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
Threat
4.9
CVE-2026-44484 PyPI CRITICAL GHSA Act Now

Supply chain compromise in PyTorch Lightning versions 2.6.2 and 2.6.3 delivers credential-harvesting malware through the official PyPI distribution channel. Lightning AI confirmed malicious code was injected into these specific releases, targeting API keys, access tokens, SSH keys, and service account credentials. The compromised versions were quarantined from PyPI and users are directed to downgrade to known-clean version 2.6.1. The CVSS 9.3 score reflects network-accessible exploitation requiring no authentication or user interaction, though exploitation is limited to systems that specifically installed the two poisoned versions.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-6443 CRITICAL Act Now

Malicious backdoor in Accordion and Accordion Slider plugin version 1.4.6 allows remote unauthenticated attackers complete site compromise. The plugin was sold to a threat actor who systematically embedded backdoors across their entire portfolio of acquired WordPress plugins. This represents confirmed active supply chain compromise affecting WordPress sites running version 1.4.6, enabling persistent unauthorized access and spam injection without authentication.

Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34424 CRITICAL Act Now

Supply chain compromise in Smart Slider 3 Pro 3.5.1.35 for WordPress and Joomla delivers multi-stage remote access toolkit via compromised update mechanism. Unauthenticated attackers achieve pre-authentication remote code execution through malicious HTTP headers, deploy authenticated backdoors accepting arbitrary PHP/OS commands, create hidden administrator accounts, exfiltrate credentials and API keys, and establish persistence via must-use plugins and core file modifications. Vendor confirmed malicious build distributed through official update channel. No public exploit identified at time of analysis.

RCE WordPress PHP
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-33634 Go CRITICAL POC KEV PATCH THREAT GHSA Emergency

Trivy security scanner v0.69.4 was compromised in a supply chain attack where a threat actor used stolen credentials to publish malicious releases and force-push credential-stealing malware to GitHub Actions repositories.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
Threat
4.9
EPSS 27% 4.9 CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Embedded malicious code in Nx Console (the editor extension for Nx and Lerna) version 18.95.0 turned a trusted developer tool into a trojan during a brief publish window on 19 May 2026. The poisoned build was live on the Visual Studio Marketplace for roughly 18 minutes (12:30-12:48 UTC) and on OpenVSX for roughly 36 minutes (12:33-13:09 UTC); any developer who installed or auto-updated during those windows executed attacker-controlled code inside their IDE, tagged here as information disclosure. It is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, with CISA SSVC rating exploitation as active, automatable, and total technical impact; the clean release 18.100.0 is the fix.

Information Disclosure Nx Console
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Supply-chain compromise of SAP's Cloud Application Programming (CAP) Node.js database packages, where trojanized versions @cap-js/sqlite@2.2.2, @cap-js/postgres@2.2.2, and @cap-js/db-service@2.10.1 were published to npm on April 29, 2026, harvesting all local credentials (npm tokens, cloud keys, SSH keys, GitHub PATs) and attempting worm-like self-propagation. Any developer or CI pipeline that installed these versions must treat every credential on the affected machine as compromised. Rated CVSS 4.0 9.3 (Critical); EPSS is low (0.03%) and it is not in CISA KEV, but the malicious code was itself actively distributed via npm — a 'mini Shai-Hulud' style attack.

Node.js PostgreSQL Information Disclosure
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Supply-chain compromise of the npm package @beproduct/nestjs-auth (versions 0.1.2 through 0.1.19) delivered the Mini Shai-Hulud worm payload via a malicious postinstall script, harvesting npm, GitHub, AWS, and HashiCorp Vault credentials from any developer or CI host that ran npm install during a 2h37m publication window on 2026-05-11. Confirmed actively exploited during that window via an attacker-controlled npm publish token; clean version 0.1.20 republishes the original 0.1.1 source tree. CVSS 10.0 reflects the unauthenticated, network-driven supply-chain delivery and scope change into the install environment.

Node.js Information Disclosure Hashicorp
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Supply chain compromise in the guardrails-ai Python package allows attackers to execute embedded malicious code on any developer or production host that installed version 0.10.1 from PyPI on May 11, 2026. The malicious release was live for roughly two hours before PyPI quarantined it, and the vendor reports no observed callbacks to Guardrails AI infrastructure, but any system that pulled 0.10.1 should be treated as compromised. No public exploit identified at time of analysis as a separate artifact - the package itself is the exploit, and exploitation requires user interaction (the install action) per the CVSS UI:R designation.

Authentication Bypass
NVD GitHub
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% 4.9 CVSS 9.6
CRITICAL POC KEV PATCH THREAT Act Now

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actions exploitation. Attackers combined pull_request_target misconfiguration, Actions cache poisoning, and OIDC token memory extraction to publish malicious code under the legitimate TanStack identity. Installing any affected version executes a 2.3 MB obfuscated payload that exfiltrates AWS/GCP/Kubernetes credentials, npm tokens, GitHub secrets, SSH keys, and HashiCorp Vault tokens over encrypted Session/Oxen messenger infrastructure. The payload propagates by republishing victim-maintained packages with identical injection. Socket.dev and the TanStack team confirmed the incident via GHSA-g7cv-rxg3-hmpx. No EPSS or CISA KEV data available for this recent supply-chain attack. CVSS 9.6 reflects the cross-scope credential theft impact (S:C/C:H/I:H), though exploitation requires user-initiated package installation (UI:R).

Kubernetes Node.js Hashicorp +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Supply chain compromise in PyTorch Lightning versions 2.6.2 and 2.6.3 delivers credential-harvesting malware through the official PyPI distribution channel. Lightning AI confirmed malicious code was injected into these specific releases, targeting API keys, access tokens, SSH keys, and service account credentials. The compromised versions were quarantined from PyPI and users are directed to downgrade to known-clean version 2.6.1. The CVSS 9.3 score reflects network-accessible exploitation requiring no authentication or user interaction, though exploitation is limited to systems that specifically installed the two poisoned versions.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Malicious backdoor in Accordion and Accordion Slider plugin version 1.4.6 allows remote unauthenticated attackers complete site compromise. The plugin was sold to a threat actor who systematically embedded backdoors across their entire portfolio of acquired WordPress plugins. This represents confirmed active supply chain compromise affecting WordPress sites running version 1.4.6, enabling persistent unauthorized access and spam injection without authentication.

Code Injection WordPress
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Supply chain compromise in Smart Slider 3 Pro 3.5.1.35 for WordPress and Joomla delivers multi-stage remote access toolkit via compromised update mechanism. Unauthenticated attackers achieve pre-authentication remote code execution through malicious HTTP headers, deploy authenticated backdoors accepting arbitrary PHP/OS commands, create hidden administrator accounts, exfiltrate credentials and API keys, and establish persistence via must-use plugins and core file modifications. Vendor confirmed malicious build distributed through official update channel. No public exploit identified at time of analysis.

RCE WordPress PHP
NVD
EPSS 0% 4.9 CVSS 9.4
CRITICAL POC KEV PATCH THREAT Emergency

Trivy security scanner v0.69.4 was compromised in a supply chain attack where a threat actor used stolen credentials to publish malicious releases and force-push credential-stealing malware to GitHub Actions repositories.

Information Disclosure Suse
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy