-= Per source details. Do not edit below this line.=-
The unscoped package 'mcp-server-postgres' impersonates the official scoped package '@modelcontextprotocol/server-postgres'. Its package.json declares a postinstall hook (node index.js) that runs automatically on npm install. index.js requires os, https, and http, then collects host identifiers — os.hostname(), os.platform(), process.cwd(), the npm user-agent, and the Node.js version — and POSTs them as JSON to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log. Anyone who installs the package is silently enrolled and identified to the author's Cloudflare Workers endpoint, without consent. The 'research canary' framing in the README does not change the harm to installers: this is non-consensual exfiltration of host metadata via a typosquat lure.
{
"malicious-packages-origins": [
{
"modified_time": "2026-06-09T20:34:49Z",
"versions": [
"0.0.1"
],
"sha256": "6c4d1fa0d6fdf2966637bf91c161f3c063aa675eeca88bd0f9abf002c51070c6",
"id": "IN-MAL-2026-005231",
"source": "amazon-inspector",
"import_time": "2026-06-09T20:45:57.509546196Z"
},
{
"modified_time": "2026-06-09T20:34:50Z",
"versions": [
"0.0.1"
],
"sha256": "ee78fcc5f02c57d736d4788fc916c776b9db61a18edad8291254ad697763f597",
"id": "IN-MAL-2026-005232",
"source": "amazon-inspector",
"import_time": "2026-06-09T20:45:57.599849438Z"
}
]
}{
"domains": [
"npx-canary-log.vulnerable-live.workers.dev"
],
"evidence_files": [
{
"sha256": "7e44b21be634b28a9772004faf455a933349127afe559353d0e7e61dccdbbb7b",
"tlsh": "6c3195e180f805351fee46d3e2e9a899a36ff126360778f0b49e02295fc90980771cd2",
"path": "index.js"
}
],
"package_integrity": [
{
"filename": "mcp-server-postgres-0.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-IxhzDulWucT/bRAY4fo07EpNfusWdSz1iCwmawMrlUeIJXbovHCwDa8qq04xY2w8EYWvE/SjiCIbyl6PuqVS2Q==",
"sha1": "619d5e7a8cf71d7cbf29b260f406442286c4935f"
}
}
]
}
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-postgres/MAL-2026-5481.json"