MAL-2026-5096

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cscc-glass-house/MAL-2026-5096.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5096

Published

2026-05-31T03:22:13Z

Modified

2026-05-31T05:16:35.712980647Z

Summary

Malicious code in cscc-glass-house (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240)

Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-cscc-glass-house

Reasons (based on the campaign):

exfiltration-credentials
exfiltration-env-variables
exfiltration-cloud-tokens

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-31T05:02:35.297647699Z",
            "modified_time": "2026-05-31T03:22:13.189067Z",
            "sha256": "20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240",
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "source": "kam193",
            "id": "pypi/2026-05-cscc-glass-house/cscc-glass-house"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/cscc-glass-house

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / cscc-glass-house

Package

Name: cscc-glass-house; View open source insights on deps.dev
Purl: pkg:pypi/cscc-glass-house

Affected ranges

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cscc-glass-house/MAL-2026-5096.json"