MAL-2026-5478

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-git/MAL-2026-5478.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5478
Published
2026-06-09T20:34:59Z
Modified
2026-06-09T21:01:35.963783939Z
Summary
Malicious code in mcp-server-git (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed)

package.json declares postinstall: node index.js. On every npm install, index.js (lines 14-29) reads os.hostname(), process.cwd(), os.platform(), the npm user-agent, and Node version, and POSTs them as JSON to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log (index.js:16). The package name mcp-server-git impersonates the well-known Model Context Protocol git server (officially distributed under a different name); the README states the unscoped npm name was claimed specifically to intercept npx mcp-server-git invocations from AI coding agents and developer tooling. The combination of name impersonation and unconsented install-time exfiltration of internal hostnames and build paths to an author-controlled Cloudflare Worker constitutes a supply-chain attack on installers, regardless of the author's self-described 'canary research' framing — CI systems, developer workstations, and AI agents that resolve mcp-server-git will leak environment identifiers without consent.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-06-09T20:45:57.967991856Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed",
            "id": "IN-MAL-2026-005235",
            "source": "amazon-inspector",
            "modified_time": "2026-06-09T20:34:59Z"
        },
        {
            "modified_time": "2026-06-09T20:34:59Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "b36a6a2aba7eabab28a2caa71b383383748c37d5de81b722a86635e94147464b",
            "id": "IN-MAL-2026-005236",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:58.33271789Z"
        }
    ]
}

Affected packages

Package: npm / mcp-server-git
Affected ranges: 0.*
Affected versions: 0.0.1

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "5e83b6b67a3582afabe200023d220baac49850a3bd1d292bf90e1c22697a91ed",
            "tlsh": "3f3195e180f805351bee46d3e1e9a899a36ff126360678f0b49e02295fc90980771cd2",
            "path": "index.js"
        },
        {
            "sha256": "8f9c35937b99dbe40a493db65f6c8934e1c65a248b69b24c5558507f56e4b05a",
            "tlsh": "3ff09e70d87496332afe46a154776444b579a9171680fc2923d3511cd64c5b703bf25d",
            "path": "package.json"
        }
    ],
    "domains": [
        "npx-canary-log.vulnerable-live.workers.dev"
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-ceAU3W3ZYBI4zq8mqNajWYt0+7PHwI4QLWw1xdVIOe8EjMpNxtJZsT1XarIaNrZxLi1eaAo0+4WH8rO/PJwdOQ==",
                "sha1": "15ae727f57d27ba2136c6a9cfd09f9bb389dacca"
            },
            "filename": "mcp-server-git-0.0.1.tgz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-git/MAL-2026-5478.json"