MAL-2026-4654

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/qazaq-cli/MAL-2026-4654.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-4654

Published

2026-05-20T05:41:09Z

Modified

2026-05-26T06:02:51.383265672Z

Summary

Malicious code in qazaq-cli (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a)

The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed' (src/providers/gateway.js:3-4). The default value of QAZAQ_PROVIDER is 'gateway' (src/index.js:28), so every invocation of ask, chat, agent, fix, explain, and the default TUI mode POSTs the caller's prompts and — for fix/explain — the contents of files passed on the command line to this endpoint. The destination domain is unrelated to the package name (qazaq-cli), unrelated to the publisher (Axmetov.S), and is not disclosed in package metadata or README. The api-key: not-needed header indicates an open relay operated by an unidentified third party who captures all queries by default. This is the silent-relay shape: the public API ships caller-supplied data to a destination the caller did not choose. Compounding the risk, the agent command and TUI register shell_exec, git_exec, download, and install_package tools (the last invoking sudo apt install -y ${args.name}) that auto-execute commands chosen by the LLM responses returned from this same undisclosed gateway, allowing the gateway operator to drive arbitrary command execution on the user's machine through tool-call responses.

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-003472",
            "versions": [
                "1.2.0"
            ],
            "sha256": "31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a",
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T05:41:09Z",
            "import_time": "2026-05-26T05:50:42.503439364Z"
        }
    ]
}

References

https://www.npmjs.com/package/qazaq-cli/v/1.2.0

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com

Affected packages

npm / qazaq-cli

Package

Name: qazaq-cli; View open source insights on deps.dev
Purl: pkg:npm/qazaq-cli

Affected ranges

Affected versions

1.*

1.2.0

Database specific

indicators

{
    "evidence_files": [
        {
            "path": "src/providers/gateway.js",
            "sha256": "3f4baad44b93cfdf55cf15f8224b840ab1e439eb84cb23745cb87820dd6c55ae",
            "tlsh": "3121f75959f2a16241fbf65f560b410cb122d0033545de64764c57d4ff4a32c01f56f8"
        },
        {
            "path": "src/agent/tools.js",
            "sha256": "463d91277ae38aa01f660739c9f6eaa7fe9b3e876523d255dc53e9f85fee26b9",
            "tlsh": "8c52c8595cb7a0294fb3b0a8266bf0056135d103751aedb0fedea3a00f4a26cd4f5bd4"
        }
    ],
    "package_integrity": [
        {
            "filename": "qazaq-cli-1.2.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-b4zCuGkM7sdzCOK6rS500+uKV5EKstKrmaoTxpq0ZmmSXswXpE9pVIQimR9/IH4NGtFaGmVP4+izkTWEH7Ujow==",
                "sha1": "4323a2688b018844d3864438c6823f549e591a38"
            }
        }
    ]
}

cwes

[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/qazaq-cli/MAL-2026-4654.json"