MAL-2026-10730

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/codeam-cli/MAL-2026-10730.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10730
Published
2026-07-16T18:45:06Z
Modified
2026-07-16T19:19:44.245608511Z
Summary
Malicious code in codeam-cli (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2e8b39baa6129e1e1988002fcbeb2f62464f84fc7458f82f3754d1033a9b4ca6)

codeam-cli spawns a node-pty pseudo-terminal wrapping the local Claude Code / Codex agent process and connects outbound over WebSocket to a hardcoded relay at https://api.codeagent-mobile.com. Messages received from the remote relay are written into the local PTY via pty.write as if typed at the keyboard, meaning any party controlling the paired mobile/web session on that relay can inject arbitrary keystrokes into the local agent shell. Because the wrapped agent has local tool access (shell commands, file read/write), this dataflow is functionally full-host remote code execution against the installer's machine, mediated by the vendor's relay. The README additionally documents a user-invoked self-hosted enrollment path that pipes https://api.codeagent-mobile.com/api/self-hosted/enroll.sh into sh with an enrollment token, standing up the same relay-driven agent (and a systemd service) on additional hosts; this fetch is from the package's own publisher domain and user-invoked, so it is not an install-time dropper on its own, but it extends the same remote-control plane. The bundle also mutates PATH in several locations in dist/index.js.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-07-16T18:45:06Z",
            "sha256": "2e8b39baa6129e1e1988002fcbeb2f62464f84fc7458f82f3754d1033a9b4ca6",
            "versions": [
                "2.61.1"
            ],
            "import_time": "2026-07-16T18:54:03.812799389Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010770"
        },
        {
            "modified_time": "2026-07-16T18:46:13Z",
            "sha256": "8d97838056bf897e32c05612de2175094d31b6795910661e999d47fa08b46554",
            "versions": [
                "2.61.3"
            ],
            "import_time": "2026-07-16T18:54:04.201639174Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010777"
        }
    ]
}
References
Credits

Affected packages

npm / codeam-cli

Package

Affected ranges

Affected versions

2.*
2.61.1
2.61.3

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "codeam-cli-2.61.1.tgz",
            "hashes": {
                "sha1": "09e23b4806093b6eee14c9ecfaf6b99542d54ca5",
                "sha512_sri": "sha512-iZ1GVc/jV2caLYWg8pEg0lX3mwOqKk2JI5ETwvQEfiEyMCikmBGvxF6+dpzk5fcvMGCvS7/dDjjta0uMWTpIqg=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "ee55f85a76f7153506a3a0785a5b4012b73990073609ec68faec83e42f8d578c6f3bf9",
            "sha256": "6df7cdc38c751f28462f46edbed694559fa089b1c20972568ad472e7d2b606f6",
            "path": "dist/index.js"
        },
        {
            "tlsh": "e2320a9bad5507770ba606e1b98775d4df3e94ae22921c88fc7d436cc190b9c827b0ec",
            "sha256": "e6385f6651b7228b001be004c3585bc6b6c611ff585dfee53def1e06f2548683",
            "path": "README.md"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/codeam-cli/MAL-2026-10730.json"