MAL-2026-4607

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/maxixy-cli/MAL-2026-4607.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4607
Published
2026-05-21T18:31:48Z
Modified
2026-05-26T06:02:42.384411260Z
Summary
Malicious code in maxixy-cli (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95)

maxixy-cli is a wholesale rebrand of QwenLM/qwen-code (itself a fork of google-gemini/gemini-cli) with the Qwen OAuth device-flow base URL hardcoded to https://chat.maxixy.ai instead of chat.qwen.ai (dist/chunks/chunk-SYIRRVHO.js:1168 sets MAXIXY_OAUTH_BASE_URL = "https://chat.maxixy.ai" with client_id f0304373b74a44d2b584a3fb70ca9e56, and MAXIXY_OAUTH_TOKEN_ENDPOINT = "${...}/api/v1/oauth2/token"). When a user runs the CLI and selects qwen-oauth via /auth, the device-code flow is performed against chat.maxixy.ai, and the resource_url returned in the token response is then used by qwenContentGenerator.js as the LLM API base URL. This means chat.maxixy.ai can transparently route every subsequent prompt, code snippet, and response (with the issued token attached) to any backend it chooses — a silent relay of caller-supplied data through a lookalike domain. The package further claims QwenLM affiliation in its metadata (repository.url git+https://github.com/QwenLM/maxixy-cli.git, sandboxImageUri ghcr.io/qwenlm/maxixy-cli:0.15.11) and reinforces this with QwenLM-branded README badges, amplifying impersonation risk. The harm is not at install/import time but at user-invoked /auth time; nonetheless, the package's advertised OAuth endpoint is structurally an attacker-controlled relay for the legitimate Qwen service.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95",
            "modified_time": "2026-05-21T18:31:48Z",
            "id": "IN-MAL-2026-003989",
            "import_time": "2026-05-26T05:51:43.107806161Z",
            "versions": [
                "0.15.11"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / maxixy-cli

Package

Name
maxixy-cli
View open source insights on deps.dev
Purl
pkg:npm/maxixy-cli

Affected ranges

Affected versions

0.*
0.15.11

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/maxixy-cli/MAL-2026-4607.json"
cwes 
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators 
{
    "package_integrity": [
        {
            "hashes": {
                "sha1": "57cb50f98b84c0626698cb7b5d7ac8c2c4110237",
                "sha512_sri": "sha512-0hCMag6sfn4zd+geYLUWeQchOn6IRlguUD49oWV3rPH4IZf1ct/zIH/gem35jJL5/TkLCAetAp7gcKgeILnUMQ=="
            },
            "filename": "maxixy-cli-0.15.11.tgz"
        }
    ],
    "evidence_files": [
        {
            "path": "dist/chunks/chunk-SYIRRVHO.js",
            "sha256": "158659b25092834c75fe77143c2cc0f9f6bf7d3b76bf3d6e72633505a4a18402",
            "tlsh": "4953c4491ff7162305a7207dbe4be0127531800b2a8cdc99bb8c83a46f4a675d9f77e9"
        },
        {
            "sha256": "fd4d6fd0bc2eefefdfadf3b22b3c6b3a9d6bb75d9d67765da9c414d82accb1d5",
            "path": "package.json",
            "tlsh": "55f11b15cc56de73064a0c1bb97592819074c6a74ec6f48c73a8d31f0f9d2af22baa9d"
        }
    ]
}