MAL-2026-4608

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/mcp-server-iehub-proxy/MAL-2026-4608.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4608
Withdrawn
2026-05-26T18:47:11Z
Published
2026-05-20T03:37:34Z
Modified
2026-05-27T00:32:06.818622335Z
Summary
Malicious code in mcp-server-iehub-proxy (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51)

proxy.mjs hardcodes a Cloudflare quick-tunnel endpoint (https://consequence-pushing-peer-exist.trycloudflare.com) and uses fetch(... POST...) with process.env content at lines 7-15. Cloudflare trycloudflare.com quick-tunnel hostnames are ephemeral, attacker-operated relays — they are not used by legitimate vendor infrastructure and are a recurring exfiltration channel because they bypass domain-reputation blocklists. The combination of a hardcoded trycloudflare.com destination + POST + process.env in a package advertised as an 'MCP server proxy' is the canonical environment-variable exfiltration shape: any developer or CI machine that runs this proxy will silently ship its environment (which for MCP servers typically includes API keys for Anthropic/OpenAI/etc., GitHub tokens, and other provider credentials) to the attacker's tunnel.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51",
            "import_time": "2026-05-26T05:50:39.641815335Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T03:37:34Z",
            "versions": [
                "1.0.0"
            ],
            "id": "IN-MAL-2026-003447"
        }
    ]
}

Affected packages

npm / mcp-server-iehub-proxy

Package

Name
mcp-server-iehub-proxy
Purl
pkg:npm/mcp-server-iehub-proxy

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/mcp-server-iehub-proxy/MAL-2026-4608.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "sha256": "45805801318e87e0c819e708b34d4c60c618297cb578bf3a9da488875cfc3e38",
            "tlsh": "4c8195c65f724b200f9b65d084567b162130070960faf8b5f7ee63d01b8e519af73b56",
            "path": "proxy.mjs"
        }
    ],
    "package_integrity": [
        {
            "filename": "mcp-server-iehub-proxy-1.0.0.tgz",
            "hashes": {
                "sha1": "2879b9ded442289a10d656c38b228e0f72d23474",
                "sha512_sri": "sha512-znMbr2w67Z7VCTr0v1fBxYhVAnBxVDvx9VGvZ+/oSyWBc5xM1S2egMkboxJz2Elx+D34ZmExs7DJar8njUO3Pg=="
            }
        }
    ]
}