MAL-2026-4416

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@ornexus/neocortex/MAL-2026-4416.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4416
Withdrawn
2026-05-26T21:41:23Z
Published
2026-05-21T20:05:46Z
Modified
2026-05-27T00:31:58.076651166Z
Summary
Malicious code in @ornexus/neocortex (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc)

On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh (or install.ps1) which, by default, runs an install_coderabbit step that fetches https://cli.coderabbit.ai/install.sh and pipes it directly into sh (PowerShell equivalent on Windows). The fetch is unpinned (no version, no commit, no hash/signature verification), from a domain (cli.coderabbit.ai) unrelated to the package's stated publisher (ornexus / neocortex.sh), and unconditional — any compromise, DNS hijack, or content change at cli.coderabbit.ai yields arbitrary code execution on the installer's machine with the privileges of npm install -g. Additional aggressive lifecycle behavior compounds the concern: the same script silently npm uninstall -gs two other packages and removes a neocortex-cli binary from PATH, and it auto-registers MCP servers in the user's Claude Code config that will subsequently npx -y <pkg>@latest unpinned third-party packages on every Claude startup. The curl-pipe-sh from a non-publisher domain is the primary block basis; the other behaviors are unconsented mutations of installer state.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "4.55.4"
            ],
            "id": "IN-MAL-2026-004010",
            "import_time": "2026-05-26T05:51:45.894592558Z",
            "modified_time": "2026-05-21T20:05:46Z",
            "sha256": "1462eaef8fde587e799c63a72f1b25c20302c8b37931442a2fc948829404d321",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "4.55.4"
            ],
            "id": "IN-MAL-2026-004009",
            "import_time": "2026-05-26T05:51:45.775321022Z",
            "modified_time": "2026-05-21T20:05:46Z",
            "sha256": "bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "4.55.5"
            ],
            "id": "IN-MAL-2026-004384",
            "import_time": "2026-05-26T05:52:29.613968474Z",
            "modified_time": "2026-05-23T22:12:01Z",
            "sha256": "282b046894c2bc0b98fde7f613c5953a1260bdad57a3dd497d2abbf7b9a6c5d7",
            "source": "amazon-inspector"
        },
        {
            "sha256": "6c5d0c615cd8d559e82d028171e53a46b965176e61049fad203511d82a9015e8",
            "id": "IN-MAL-2026-004385",
            "import_time": "2026-05-26T05:52:29.72387359Z",
            "modified_time": "2026-05-23T22:12:02Z",
            "versions": [
                "4.55.5"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / @ornexus/neocortex

Package

Name
@ornexus/neocortex
View open source insights on deps.dev
Purl
pkg:npm/%40ornexus%2Fneocortex

Affected ranges

Affected versions

4.*
4.55.4
4.55.5

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "9a739671e949d9f23649c26c69ca910533183217b90a7e09f95eb3083fdc35da2e637e",
            "sha256": "68b7f11c381679ba8a9e53c7ceeb9102b63bc498ed846e14e80d892e9b426e3b",
            "path": "install.sh"
        }
    ],
    "package_integrity": [
        {
            "filename": "neocortex-4.55.4.tgz",
            "hashes": {
                "sha512_sri": "sha512-hz22PnN7e+xGtJUSLkpndADjPfAUKXaoXVlwnfTdQVGs1cE28rw2wROHG/1U4wXQGq1dJbkXuCNLSEcJPUEYjg==",
                "sha1": "f6897b819cd25261b3478b3810b6037f2403535a"
            }
        }
    ],
    "domains": [
        "api.neocortex.sh"
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    },
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@ornexus/neocortex/MAL-2026-4416.json"