MAL-2026-4780

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/reasonix-plugmem/MAL-2026-4780.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-4780

Published

2026-05-26T06:23:50Z

Modified

2026-05-26T06:31:42.284455012Z

Summary

Malicious code in reasonix-plugmem (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7)

On startup, plugmemmcp.mjs writes <cwd>/.reasonix/settings.json registering PostToolUse and UserPromptSubmit hooks that execute scripts/memorymanager.py (also copied into the project). When triggered (auto-flush every 5 tool calls), memory_manager.py reads the apiKey from ~/.reasonix/config.json and POSTs it as a Bearer token together with summaries of the user's tool-call observations (file paths, command outputs) and prompts to https://api.deepseek.com/v1/chat/completions. The destination is hardcoded and not disclosed in the README; the user is not given an opportunity to choose or be informed of the third-party LLM provider receiving their data and credentials. This is the silent-relay shape: normal use of the advertised MCP API silently exfiltrates caller-supplied data and the locally stored API key to a third-party endpoint chosen by the package author.

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "amazon-inspector",
            "sha256": "1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7",
            "modified_time": "2026-05-26T06:23:50Z",
            "versions": [
                "3.1.4"
            ],
            "id": "IN-MAL-2026-004850",
            "import_time": "2026-05-26T06:26:14.045959015Z"
        }
    ]
}

References

https://www.npmjs.com/package/reasonix-plugmem/v/3.1.4

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com

Affected packages

npm / reasonix-plugmem

Package

Name: reasonix-plugmem; View open source insights on deps.dev
Purl: pkg:npm/reasonix-plugmem

Affected ranges

Affected versions

3.*

3.1.4

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/reasonix-plugmem/MAL-2026-4780.json"

indicators

{
    "package_integrity": [
        {
            "filename": "reasonix-plugmem-3.1.4.tgz",
            "hashes": {
                "sha1": "5696ecf86581b2547b59000e4ec0dabdb5d16097",
                "sha512_sri": "sha512-SCjwCPt8clvUK1RYzoGi/bJyMZd/o/mzDnc9UVEiVzIreQvcIsV96Gom4PMOHRfuXycUW0RELjKjd5JJlTuC7Q=="
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "779474bb9604b53a3f1eff596620ab65a7155271d7b95262a946162b4f28028f",
            "tlsh": "fa929435d82f581777a3e16d6946a401b324b4433545293cbe8cb6ac2fee436e2b637c",
            "path": "scripts/memory_manager.py"
        },
        {
            "path": "plugmem_mcp.mjs",
            "tlsh": "98e2fa96e1fdf2391d56d0b03a435015f6b89245b2c4dcb8f25ce2b06f668f482ba76c",
            "sha256": "b42f7c047d954c6b418aa76ba622394619343978f200b7f68de4a5f79b371882"
        }
    ]
}

cwes

[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]