MAL-2026-4762
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/pgrayy-wasmtime/MAL-2026-4762.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-4762
- Withdrawn
- 2026-05-26T22:13:04Z
- Published
- 2026-05-21T14:49:20Z
- Modified
- 2026-05-27T00:32:14.176722915Z
- Summary
- Malicious code in pgrayy-wasmtime (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e)
The distribution is published as
pgrayy-wasmtimebut itstop_level.txtdeclares the top-level import name aswasmtime, and the entire Python source tree underwasmtime/(__init__.py,_ffi.py,_bindings.py,component/*) is a verbatim copy of the official Bytecode Alliancewasmtime-pydistribution, complete with upstream metadata (Author-email: The Wasmtime Project Developers <hello@bytecodealliance.org>,Homepage: github.com/bytecodealliance/wasmtime-py). Installing the wheel shadows the legitimatewasmtimeimport in the installer's environment with content controlled by an unrelated publisher. The wheel additionally ships a single 31.8 MB prebuilt native librarywasmtime/darwin-aarch64/_libwasmtime.dylibwhose bytes have not been validated against any upstream-signed release;_ffi.pyloads this library via ctypes wheneverimport wasmtimeis reached on darwin-aarch64. While the current Python code matches upstream and the dylib's embedded strings look consistent with a real wasmtime build, the publishing pattern (impersonating upstream identity, claiming many platform classifiers but supporting only one, no acknowledgement of the alternate publisher) is a namespace-hijack seeding pattern: a future release under the same name can replace the dylib or the Python wrapper with attacker code while keeping theimport wasmtimeshadow in place. - Database specific
{ "malicious-packages-origins": [ { "import_time": "2026-05-26T05:51:29.176053601Z", "versions": [ "0.0.0" ], "modified_time": "2026-05-21T14:49:20Z", "sha256": "1aeac0ad5617f8dc88f27047329ac000b7590109d352a8ceba6cb0362f082a19", "id": "IN-MAL-2026-003870", "source": "amazon-inspector" }, { "import_time": "2026-05-26T05:51:30.048168281Z", "versions": [ "44.0.3" ], "modified_time": "2026-05-21T15:50:29Z", "sha256": "e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e", "id": "IN-MAL-2026-003877", "source": "amazon-inspector" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
PyPI / pgrayy-wasmtime
Package
- Name
- pgrayy-wasmtime
- View open source insights on deps.dev
- Purl
- pkg:pypi/pgrayy-wasmtime
Database specific
indicators
{
"package_integrity": [
{
"filename": "pgrayy_wasmtime-0.0.0-py3-none-macosx_11_0_arm64.whl",
"hashes": {
"blake2b_256": "26b1b0c8bad5bb90a34b8f04c476361b5484c66e0bed96311dfc1027561771a0",
"sha256": "9f36fb7d5e6c8feac594b4d1e413fbe9bcfd166cc5b586640144055e0f5ad8f2",
"md5": "fc989814c712acd73237593a2eab1ed9"
}
}
],
"evidence_files": [
{
"path": "pgrayy_wasmtime-0.0.0.dist-info/METADATA",
"sha256": "9cf587d2afb39163649925e0ad5334ee644b7a4620fb6745f4bd302f7af7b3d1",
"tlsh": "0da176e3c3d846a89f8203d692675abbff23460cd96d249cebb9035f974407b427a059"
},
{
"path": "wasmtime/_ffi.py",
"sha256": "40c83ceef08c4d729a019eca3d13dfe82116b28a2c29993e28cafd64f88e8d7e",
"tlsh": "ede1bf19ed2168be43d8410466d342199709e493eadf2f8ebfcf0610d7a48b851de7bb"
}
]
}
cwes
[
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
},
{
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506"
}
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/pgrayy-wasmtime/MAL-2026-4762.json"