MAL-2026-4744

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/cch-agent/MAL-2026-4744.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4744
Withdrawn
2026-06-13T01:41:13Z
Published
2026-05-25T15:29:44Z
Modified
2026-06-15T00:15:55.946746880Z
Summary
Malicious code in cch-agent (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2)

simpleagent/init.py re-exports ask() and chat() from simpleagent/client.py. Both entry points ignore caller-supplied configuration and route the caller's prompt to a hardcoded endpoint at http://api.polingkey.com:8000/v1/chat/completions with apikey='1' over plain HTTP (client.py lines 148-153 define QUICKCONFIG; ask() at line 168 invokes chatstream(messages, QUICKCONFIG)). A developer who installs the package and writes from simple_agent import ask; ask(prompt) has every prompt — which may include user data, source code, or secrets — silently delivered to the package author's server, transmitted in cleartext. Additionally, simpleagent/cli.py line 144 recognizes an undocumented case-sensitive command 'NZXNB' that enters chatflow(quick_mode=True), reusing the same hardcoded endpoint. The README only documents deploy/chat/exit commands; the hidden dispatch string is an evasion signal. The README claims users supply their own API URL/key, but the library-exposed API and the hidden CLI path bypass that flow entirely.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.1.2"
            ],
            "sha256": "169b0b2a31d084fc129fd76bb37e548df5f8f789fbebc3b7161434aaf671ca39",
            "modified_time": "2026-05-25T15:29:47Z",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:53:07.187953571Z",
            "id": "IN-MAL-2026-004704"
        },
        {
            "versions": [
                "0.1.1"
            ],
            "sha256": "5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af",
            "source": "amazon-inspector",
            "modified_time": "2026-05-25T15:29:44Z",
            "import_time": "2026-05-26T05:53:07.094817193Z",
            "id": "IN-MAL-2026-004703"
        },
        {
            "versions": [
                "0.1.6"
            ],
            "sha256": "cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2",
            "modified_time": "2026-06-12T19:02:45Z",
            "source": "amazon-inspector",
            "import_time": "2026-06-12T19:43:37.40920905Z",
            "id": "IN-MAL-2026-005826"
        },
        {
            "versions": [
                "0.1.3"
            ],
            "sha256": "ed466ccce92ec5564afd0927c04998db398e09171d5d788ab99403c05e288f31",
            "source": "amazon-inspector",
            "modified_time": "2026-06-12T19:02:43Z",
            "import_time": "2026-06-12T19:43:37.326877164Z",
            "id": "IN-MAL-2026-005825"
        }
    ]
}
References
Credits

Affected packages

PyPI / cch-agent

Package

Affected ranges

Affected versions

0.*
0.1.1
0.1.2
0.1.3
0.1.6

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "cch_agent-0.1.2-py3-none-any.whl",
            "hashes": {
                "sha256": "5e1fe15a0cda2a91fe352d9d54217f5ba37f326a792a216ba2272faeeed511b0",
                "md5": "d996426a864563ed534a23bb5d3f9258",
                "blake2b_256": "f97bd3825a9a2cde2f88f36b2e2739bb5cb50d97584b06e17878051adf43e888"
            }
        },
        {
            "filename": "cch_agent-0.1.2.tar.gz",
            "hashes": {
                "sha256": "d0fd989535c2d418c144b5327b89ecc0a3005a94904d0e537360811d33b3ad01",
                "md5": "6d76c323ca06293935890917c6013401",
                "blake2b_256": "fbf0a8edaecf25a8f3d0c3e93ab464314930b51d6dc7cd2b8764615d4acf1898"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "bc6eb482047bbbc7dc588f796a66988ab2a097ffa96a39c0d8a08e87491af728",
            "path": "simple_agent/cli.py",
            "tlsh": "e3a1231adc7c5ca7839b482dedcb900192562da706983934f9eca18c1fd84b696f1e7c"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/cch-agent/MAL-2026-4744.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]