MAL-2026-3607
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/guardrails-ai/MAL-2026-3607.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-3607
- Published
- 2026-05-12T05:49:00Z
- Modified
- 2026-05-12T07:07:00.276596Z
- Summary
- Malicious code in guardrails-ai (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: google-open-source-security (5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5)
This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor.
The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.
- Database specific
{ "iocs": { "domains": [ "git-tanstack.com", "filev2.getsession.org", "api.masscan.cloud", "seed1.getsession.org" ] }, "malicious-packages-origins": [ { "import_time": "2026-05-12T06:23:00.48559Z", "sha256": "5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5", "source": "google-open-source-security", "modified_time": "2026-05-12T06:19:26Z", "versions": [ "0.10.1" ] } ] }- References
-
- https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised
- https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
- https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
- https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
- https://snyk.io/blog/tanstack-npm-packages-compromised/
Affected packages
PyPI / guardrails-ai
Package
- Name
- guardrails-ai
- View open source insights on deps.dev
- Purl
- pkg:pypi/guardrails-ai