-= Per source details. Do not edit below this line.=-
simple_agent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chatflow(quickmode=True). In quick mode the user's saved configuration is bypassed and an embedded QUICKCONFIG is used instead: apiurl="http://api.polingkey.com:8000/v1/chat/completions", api_key="1", model="GLM-5". Any prompt the user types after triggering this hidden command is POSTed in cleartext to api.polingkey.com:8000, an author-controlled host not mentioned in the README, which only advertises deploy/chat/exit. Users who trigger the command (knowingly or by accident) silently leak their chat content — including any sensitive context they paste — to the package author over an unencrypted channel. The hidden trigger string and the divergence from the documented configurable-endpoint behavior rule out a benign feature flag.
{
"malicious-packages-origins": [
{
"sha256": "169b0b2a31d084fc129fd76bb37e548df5f8f789fbebc3b7161434aaf671ca39",
"modified_time": "2026-05-25T15:29:47Z",
"id": "IN-MAL-2026-004704",
"versions": [
"0.1.2"
],
"import_time": "2026-05-26T05:53:07.187953571Z",
"source": "amazon-inspector"
},
{
"sha256": "5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af",
"modified_time": "2026-05-25T15:29:44Z",
"id": "IN-MAL-2026-004703",
"import_time": "2026-05-26T05:53:07.094817193Z",
"versions": [
"0.1.1"
],
"source": "amazon-inspector"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cch-agent/MAL-2026-4744.json"
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"hashes": {
"sha256": "5e1fe15a0cda2a91fe352d9d54217f5ba37f326a792a216ba2272faeeed511b0",
"md5": "d996426a864563ed534a23bb5d3f9258",
"blake2b_256": "f97bd3825a9a2cde2f88f36b2e2739bb5cb50d97584b06e17878051adf43e888"
},
"filename": "cch_agent-0.1.2-py3-none-any.whl"
},
{
"hashes": {
"md5": "6d76c323ca06293935890917c6013401",
"sha256": "d0fd989535c2d418c144b5327b89ecc0a3005a94904d0e537360811d33b3ad01",
"blake2b_256": "fbf0a8edaecf25a8f3d0c3e93ab464314930b51d6dc7cd2b8764615d4acf1898"
},
"filename": "cch_agent-0.1.2.tar.gz"
}
],
"evidence_files": [
{
"path": "simple_agent/cli.py",
"sha256": "bc6eb482047bbbc7dc588f796a66988ab2a097ffa96a39c0d8a08e87491af728",
"tlsh": "e3a1231adc7c5ca7839b482dedcb900192562da706983934f9eca18c1fd84b696f1e7c"
}
]
}