MAL-2026-4748

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/eplang/MAL-2026-4748.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4748
Published
2026-05-19T21:37:17Z
Modified
2026-05-26T13:47:12.838973901Z
Summary
Malicious code in eplang (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21)

The package ships epl/.ai_config.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation (epl ai, epl gen, epl explain <file>) or call to epl.ai.generate/chat, ai.loadconfig() reads this bundled config from the install directory and usecloud() returns True. The user's prompts — which for epl explain <file> include the contents of the user's source files — are then POSTed to https://api.groq.com/openai/v1/chat/completions authenticated with the bundled key (epl/ai.py line 262: 'Authorization': f'Bearer {CLOUD_API_KEY}'). Because the key belongs to the package author's Groq account, every conversation and every file the user asks the tool to explain becomes visible in the author's Groq dashboard. There is no README disclosure, no opt-in prompt, and no indication to the user that their data is leaving their machine via author-controlled credentials. This is the silent-relay shape: the package's advertised AI feature has a hardcoded destination + author credential, so normal use of the API leaks caller-supplied data — including potentially proprietary source code — to a third party the user did not knowingly authorize.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-26T05:52:16.163079375Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-22T23:02:19Z",
            "sha256": "1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21",
            "id": "IN-MAL-2026-004267",
            "versions": [
                "7.8.1"
            ]
        },
        {
            "import_time": "2026-05-26T05:52:29.397684045Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-23T21:45:21Z",
            "id": "IN-MAL-2026-004382",
            "sha256": "3079bf06b244b0ad624898bce7300207a362d6089e8e97ea972230249edc239b",
            "versions": [
                "7.9.0"
            ]
        },
        {
            "import_time": "2026-05-26T05:50:21.088716852Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-19T21:37:17Z",
            "sha256": "96bbf2f5e6996b672276a80ddfcdba639591332763239d7677a289c863a269c2",
            "id": "IN-MAL-2026-003285",
            "versions": [
                "7.6.1"
            ]
        },
        {
            "import_time": "2026-05-26T13:32:45.281609636Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-26T09:44:06Z",
            "sha256": "e0f0374e694bfc517c8c0b70ad5f5d555cf8aa4a62dde8d81595aabec4009d6f",
            "id": "IN-MAL-2026-004885",
            "versions": [
                "8.0.0"
            ]
        }
    ]
}

Affected packages

Package: PyPI / eplang

Affected ranges and versions:
7.* (affected versions 7.6.1, 7.8.1, 7.9.0)
8.* (affected version 8.0.0)

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "eplang-7.8.1-py3-none-any.whl",
            "hashes": {
                "blake2b_256": "dd33ea21cdca3a3dbf1bece96af2335c7961521a215e32cd6cf2cc9db41561d8",
                "sha256": "9554db908b1aa18c8d9be620fe154af642cc876367268aab08d06f727b678a6a",
                "md5": "5756b3f002a10ebe4f4767680f825ed2"
            }
        },
        {
            "filename": "eplang-7.8.1.tar.gz",
            "hashes": {
                "blake2b_256": "f347f142ed0a5a41780b19fc70d623253a89f6690b55045df840a8d110d0e56c",
                "sha256": "83d6a30343daa686de30fa159f0ee3dd6f5080e10abbb23410313abc9617ade0",
                "md5": "c1330174570b599ee533d7443d42881f"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "epl/.ai_config.json",
            "sha256": "565a6b122ad9aa95469681cce9cea1c8847e33bd8fc2b8892305cba9cf713036",
            "tlsh": "43b09260d868ac220a882cc91ba7ae6296859ada412159409f1210a6a223e002e1524c"
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/eplang/MAL-2026-4748.json"