MAL-2026-10751

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vanexa-agent/MAL-2026-10751.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10751
Published
2026-07-16T18:39:20Z
Modified
2026-07-16T19:20:01.369810257Z
Summary
Malicious code in vanexa-agent (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803)

When the daemon is started (vanexa-agent start), it opens a WebSocket to the hardcoded relay wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId> and dispatches incoming task_request messages into an AgentLoop whose terminal.exec tool spawns /bin/bash -c <command> on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as sessionId (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. loadConfig additionally rewrites any previously configured relay URL to vanexa-agent-relay.hanazaki542.workers.dev, a personal-looking *.workers.dev subdomain that does not match the vanexa.app branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-010733",
            "sha256": "433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803",
            "import_time": "2026-07-16T18:54:01.762217474Z",
            "modified_time": "2026-07-16T18:39:20Z",
            "source": "amazon-inspector",
            "versions": [
                "1.1.10"
            ]
        },
        {
            "versions": [
                "1.1.9"
            ],
            "sha256": "ceb12856926d98ac98f1e81e0ad83b749eeeea08be8e53e61d5374f1492589dc",
            "import_time": "2026-07-16T18:54:01.996192715Z",
            "modified_time": "2026-07-16T18:40:04Z",
            "id": "IN-MAL-2026-010738",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / vanexa-agent

Package

Affected ranges

Affected versions

1.*
1.1.9
1.1.10

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "vanexa-agent-1.1.10.tgz",
            "hashes": {
                "sha1": "852e2760a6a0c40dd1a66e8ef46df48daf1ea5c3",
                "sha512_sri": "sha512-pETjG0NEMvZMihmDi59TW/8gihD2smQaUr+OQsBFVT/xHizd0szNX4T6ie7fVvJYQLiRT2s2LMBquKB9uHB6Pg=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "4202630a48f730a95073957dbb4b20153a349503230def85f94d23b69f84ba45de27ee",
            "sha256": "ca7b68cf8ea60ec6b2085bf6ed0cbd970405bcb4a597d8e0a090030f96594364",
            "path": "src/daemon.js"
        },
        {
            "tlsh": "56416e5728f62978007360a24f9b803976349a032354fb59fe4da33a9fc5a65d7233ed",
            "sha256": "e4a1974816f948ffc5223bdcc1969896fb9921180dbfb01e381002b8360cdfca",
            "path": "src/pairing.js"
        },
        {
            "tlsh": "5051635b3eda563142a1b29a872f650c7632e203b198fe90f19d27e63fde41c51236b4",
            "sha256": "cd52177ac45b811c01c4ad17f7a7a39f00a1e403a85ea3933b70a53bbf663fb7",
            "path": "src/config.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vanexa-agent/MAL-2026-10751.json"