MAL-2026-4602

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/lokal-mcp/MAL-2026-4602.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4602
Withdrawn
2026-05-26T18:43:07Z
Published
2026-05-19T23:53:30Z
Modified
2026-05-27T00:32:04.213854409Z
Summary
Malicious code in lokal-mcp (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (04df34ff182a72a46dc032016ed38e0caf7452ac3b8d382bb15221706c01a9e8)

index.js contains a hardcoded URL https://rettfrabonden.com referenced alongside process.env reads and fetch() POST calls (index.js line 24 defines the destination, lines 29 and 37-38 perform fetch/POST). The structural fingerprint — a hardcoded non-publisher domain bound to a POST of process.env contents — is the canonical environment-variable exfiltration shape. The domain rettfrabonden.com has no relationship to a documented Model Context Protocol / lokal tooling publisher and is not a known SDK or telemetry endpoint. Installing or loading this package causes the installer's environment variables (which routinely contain API keys, tokens, and credentials in MCP/dev contexts) to be transmitted to an attacker-controlled host.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.4.0"
            ],
            "modified_time": "2026-05-19T23:53:30Z",
            "sha256": "04df34ff182a72a46dc032016ed38e0caf7452ac3b8d382bb15221706c01a9e8",
            "id": "IN-MAL-2026-003305",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:23.451080119Z"
        }
    ]
}
References
Credits

Affected packages

npm / lokal-mcp

Package: npm / lokal-mcp
Affected ranges: 0.*
Affected versions: 0.4.0

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "lokal-mcp-0.4.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-Ud963wlruJF0NedSxK1NNLWFHZ4z+gDADfM1SPJJIaVdi4ZsB8Fy36Cs0bwag1dLkLRTo4T1RVamGMHdkUA73g==",
                "sha1": "d60baa9429165d3bb98f9402e60b0966f4b21392"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "index.js",
            "tlsh": "8082d7a1b160153a26b5c3ad36079608f7b4f213718084177abcb3692ffe15893e6e7d",
            "sha256": "2d09d2163e5697222dc407fb8d8063fab66b64f4b38c6f2ca18d47d5531b8846"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/lokal-mcp/MAL-2026-4602.json"