MAL-2026-4528

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cloud-pc-templates/MAL-2026-4528.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4528
Published
2026-05-20T02:06:41Z
Modified
2026-05-26T06:02:23.172219267Z
Summary
Malicious code in cloud-pc-templates (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803)

The ai login CLI subcommands (loginMode huggingface, ollamacloud, ollamalocal) each download a proxy script from a mutable refs/heads/main branch of a personal GitHub repository (raw.githubusercontent.com/devashish234073/cloud-pc-templates-marketplace/refs/heads/main/JS-PROXIES/{hf-proxy.js,ollama-proxy.js,ollamaoffline-proxy.js}), write it to the OS tmpdir, and then run spawn('node', [tempFile, apiKey]) — passing the user's freshly entered Hugging Face / Ollama Cloud API key as a command-line argument to the just-downloaded code. There is no commit pin, no tag, no checksum, and no signature verification. Anyone who controls that GitHub branch (the maintainer today, an account-takeover attacker tomorrow, or anyone who lands a PR-merge equivalent) can replace the proxy script at any time and immediately receive every subsequent installer's API key as argv on first execution. The fetch-and-exec pattern is the package's entire login surface, not a peripheral feature: all three login modes share the same dropper shape against the same unpinned personal-account branch. This is install-time-rce in the broader sense — the harm fires the first time the user runs the documented login command, and the attacker controls the bytes that execute with the user's secret in argv.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803",
            "versions": [
                "1.3.0"
            ],
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T02:06:41Z",
            "id": "IN-MAL-2026-003392",
            "import_time": "2026-05-26T05:50:33.283077856Z"
        }
    ]
}

Affected packages

npm / cloud-pc-templates

Package

Affected ranges

Affected versions

1.*
1.3.0

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "cloud-pc-templates-1.3.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-sX4ThsorOuBj36TUmanbMIRjQgcwL+I0KYdPGLxeNP9AEhRkEFpfM/lcv6LiXvrci7CtcndcDRKIGEye5mm0ow==",
                "sha1": "22d0dfc125404bc98b4773269630f207433fdadd"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "35c779dd74fa769bc3d9c2acf510c4981c76e3345f7f7d828fec3a498ff38a76",
            "tlsh": "bca1114e65f3622811bfa0b8a75b9207221791133149ce147add93086f8377cdea2be9",
            "path": "handlers/huggingface.js"
        },
        {
            "sha256": "4a33dd390b22e9f10cbfc08e2e870bb8e730a95cc5d61f0ec264beb1bc6007e1",
            "tlsh": "b6a1114e69f3613811bbb0b8975b920b621791133149ce147addd3086f8376cdea2be9",
            "path": "handlers/ollamacloud.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cloud-pc-templates/MAL-2026-4528.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]