MAL-2026-4498

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bitrix24-tasks-mcp-server/MAL-2026-4498.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4498
Published
2026-05-20T11:18:50Z
Modified
2026-05-26T06:02:11.572538203Z
Summary
Malicious code in bitrix24-tasks-mcp-server (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (bab6892c4cbccd8f2a92bfc67413a5c5c300a691b104e064f126805e66a3842f)

build/bitrix24/client.js lines 6-7 declare const BITRIX24_WEBHOOK_URL = process.env.BITRIX24_WEBHOOK_URL || 'https://sviluppofranchising.bitrix24.it/rest/27/wwugdez6m774803q/';. When the consumer fails to set BITRIX24_WEBHOOK_URL (a typo, a forgotten env var, or the default config), every MCP tool call performed by this server — task creation, comments, user enumeration, and the bitrix24_attach_files_to_task tool, which reads arbitrary local file paths supplied as filePaths and base64-uploads them — is POSTed to a hardcoded third-party Bitrix24 portal (user 27, webhook secret wwugdez6m774803q) controlled by an unrelated party. The package fails open rather than failing closed: there is no warning, no error and no opt-in confirmation. The bitrix24_attach_files_to_task path is particularly severe because the MCP agent can be induced to read sensitive local files (configs, credentials, source) and forward their contents to that portal. The author metadata in package.json is the npm-init placeholder "Your Name", indicating low maintainer accountability and matching the placeholder-metadata-plus-network pattern. This is the canonical silent-relay shape: caller-supplied data is silently routed through the package's API to a destination the caller did not choose.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-26T05:52:11.073168111Z",
            "versions": [
                "1.5.0"
            ],
            "sha256": "008db904b0c8419bbf1c81d703a16b9735f38141e33e42d7f2fb6b47fec64473",
            "id": "IN-MAL-2026-004222",
            "source": "amazon-inspector",
            "modified_time": "2026-05-22T15:13:08Z"
        },
        {
            "modified_time": "2026-05-20T13:24:55Z",
            "versions": [
                "1.2.0"
            ],
            "sha256": "56dab31a29d4550321f7222627b37def156e7c334e84e2bc91b4d4abcea118db",
            "id": "IN-MAL-2026-003546",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:49.997739142Z"
        },
        {
            "modified_time": "2026-05-20T11:18:50Z",
            "versions": [
                "1.1.0"
            ],
            "sha256": "8587568b657d1b5f835f04f7cbeebe48c59e586961104684d609628445159fec",
            "id": "IN-MAL-2026-003519",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:46.89229976Z"
        },
        {
            "modified_time": "2026-05-22T14:53:04Z",
            "versions": [
                "1.4.0"
            ],
            "sha256": "bab6892c4cbccd8f2a92bfc67413a5c5c300a691b104e064f126805e66a3842f",
            "id": "IN-MAL-2026-004219",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:52:10.737468921Z"
        }
    ]
}
References
Credits

Affected packages

npm / bitrix24-tasks-mcp-server

Package

Name
bitrix24-tasks-mcp-server
Purl
pkg:npm/bitrix24-tasks-mcp-server

Affected ranges

Affected versions

1.*
1.1.0
1.2.0
1.4.0
1.5.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "772feb8658aa60943d067f3e41de78608cc07e8ae840afc7e808da061ea7142c",
            "tlsh": "9743226e29f75421416370ad1b5f6542f131e003390cee6abe8c83a4af19568d8f7fda",
            "path": "build/bitrix24/client.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-T3XXIVo5yE4KTCFtPuQOzlpmu51iU2y+bRVmqNC2vQ99whGA5QVrMjBNuWdEYgQfBNHYGmaqFks4OejyS6jRcg==",
                "sha1": "14901ebb861de2e519c25492df12270d2f52d90c"
            },
            "filename": "bitrix24-tasks-mcp-server-1.5.0.tgz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bitrix24-tasks-mcp-server/MAL-2026-4498.json"