-= Per source details. Do not edit below this line.=-
The package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. Its package.json declares "postinstall": "node index.js", and index.js reads os.hostname(), process.cwd(), process.env.npm_config_user_agent, the Node version, and os.platform(), then POSTs them to https://npx-canary-log.vulnerable-live.workers.dev/log. The transmission fires automatically on npm install, with no consent prompt or opt-in. The author self-describes the package as a security-research "canary," but the resulting behavior — squatting a confusable name and silently shipping host identifiers from the installing machine to a third-party Cloudflare Workers endpoint — is indistinguishable from a typosquat-and-beacon supply-chain attack, and the person running the install has not consented to it.
{
"malicious-packages-origins": [
{
"modified_time": "2026-06-09T20:34:01Z",
"versions": [
"0.0.1"
],
"sha256": "0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2",
"id": "IN-MAL-2026-005223",
"source": "amazon-inspector",
"import_time": "2026-06-09T20:45:56.356645589Z"
},
{
"modified_time": "2026-06-09T20:34:01Z",
"versions": [
"0.0.1"
],
"sha256": "275fa8cabb1dbe9b27616a42616c7b9eee8c76e6841677f1ce27a6e317e811fe",
"id": "IN-MAL-2026-005224",
"source": "amazon-inspector",
"import_time": "2026-06-09T20:45:56.492174225Z"
}
]
}{
"domains": [
"npx-canary-log.vulnerable-live.workers.dev"
],
"evidence_files": [
{
"sha256": "19b99229d1e68fb0aea2a14f275a7928666838f0fdbde293d5cdeb18c3e58c9a",
"tlsh": "303195e190f805351bee46d3e2e9a899a36ff126360678f0b45e02691fc90980771cd2",
"path": "index.js"
},
{
"sha256": "d11d537f6aefd2f34a00ec552205f365020a5fea1e2db9d94365644cef580db5",
"tlsh": "1021a32793c1623903d34a363944b6726b3b70b6334210b0f6dd455fea4282983734e6",
"path": "README.md"
}
],
"package_integrity": [
{
"filename": "mcp-server-notion-0.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-zYVB4mPUBmYXgB5ih9AQguSXU88kUKAyGBWD5A4Jxo2LHe0LB8cDLSwtwCYjmgT09koMEOfhzvLztDoKBrwSDQ==",
"sha1": "5046887764ba0238288787a2b5d73e2dcabeee8a"
}
}
]
}
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-notion/MAL-2026-5480.json"