MAL-2026-5482

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-redis/MAL-2026-5482.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5482
Published
2026-06-09T20:34:45Z
Modified
2026-06-09T21:01:36.371608918Z
Summary
Malicious code in mcp-server-redis (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86)

Package squats the unscoped npm name mcp-server-redis (commonly invoked via npx mcp-server-redis by MCP/AI tooling looking for the official scoped Redis MCP server). package.json declares "postinstall": "node index.js", so on every npm install the script in index.js auto-runs and POSTs a JSON payload containing os.hostname(), process.cwd(), process.env.npm_config_user_agent, Node version and platform to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log. The same exfiltration also fires on every CLI invocation. Installers did not consent; the working-directory path can leak project/repository names, and host identifiers are sent to a third-party Cloudflare Workers endpoint. The author frames this as a 'security research canary,' but the mechanism — name-squat + automatic install-time beacon to an external endpoint — is namespace abuse with installer-data exfiltration regardless of stated intent.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-09T20:34:45Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86",
            "id": "IN-MAL-2026-005229",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:57.161859612Z"
        },
        {
            "modified_time": "2026-06-09T20:34:45Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "f4a4d371479bb5a292f632f9afc8661c13142c51f347d3013cc5dceca8ce46ab",
            "id": "IN-MAL-2026-005230",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:57.396545442Z"
        }
    ]
}
References
Credits

Affected packages

npm / mcp-server-redis

Package

Affected ranges

Affected versions

0.*
0.0.1

Database specific

indicators
{
    "domains": [
        "npx-canary-log.vulnerable-live.workers.dev"
    ],
    "evidence_files": [
        {
            "sha256": "be03db8da037601b49370ecd884f19a126fc696d0a7eccf8d3672a135dd3c952",
            "tlsh": "b63195e180f805361bfe46d3e2e9a899a36ff126360678f0b45e02695fcd4980771cd2",
            "path": "index.js"
        },
        {
            "sha256": "72085414e00cf1b368dedbac5c2ea133e9a259a597908cce1ef0edd5288bd3f8",
            "tlsh": "d221a32383c1a33a03d34836394976b2ab7ab0b4738210b4fadd154ffa4ac2943730d6",
            "path": "README.md"
        }
    ],
    "package_integrity": [
        {
            "filename": "mcp-server-redis-0.0.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-sBrOVZIhwXu8Aau/1R5gG4hPmohwTzfcCyUlJiEa2jmUebEZtveqqGZJBuAOvj80mLCz9HCHXHI7rAeQOh7TYA==",
                "sha1": "c2b0b566c31fdb57fb46bdb2f0b886f2732bef3a"
            }
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-redis/MAL-2026-5482.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
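
An added example (not part of the OSV record and not code from the package): a JavaScript check that scans a parsed package-lock.json (lockfileVersion 2 or 3) for the package name, version and tarball integrity listed in this record, and reports whether npm flagged the entry as having an install script. The sample lockfile, the `@constructed-scope` name and the `redis-alias` alias are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3)
// for MAL-2026-5482. Indicator values below are copied from this record.
const IOC = {
  name: "mcp-server-redis",
  versions: new Set(["0.0.1"]),
  integrity: "sha512-sBrOVZIhwXu8Aau/1R5gG4hPmohwTzfcCyUlJiEa2jmUebEZtveqqGZJBuAOvj80mLCz9HCHXHI7rAeQOh7TYA==",
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; paths without node_modules -> null.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    // npm writes entry.name when the real package name differs from the
    // folder name (alias installs), so prefer it over the path.
    const name = entry.name || packageNameFromPath(path);
    const reasons = [];
    if (name === IOC.name && IOC.versions.has(entry.version)) reasons.push("name+version");
    if (entry.integrity === IOC.integrity) reasons.push("integrity");
    if (reasons.length === 0) continue;
    findings.push({
      path, name, version: entry.version, reasons,
      installScript: entry.hasInstallScript === true, // the postinstall hook would run on install
    });
  }
  return findings;
}

// Constructed sample lockfile: one direct hit, one scoped look-alike that
// must not match, and one alias that hides the name behind another folder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/mcp-server-redis": { version: "0.0.1", integrity: IOC.integrity, hasInstallScript: true },
    "node_modules/@constructed-scope/mcp-server-redis": { version: "0.0.1", integrity: "sha512-CONSTRUCTED" },
    "node_modules/redis-alias": { name: "mcp-server-redis", version: "0.0.1", hasInstallScript: true },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Installing with `npm ci --ignore-scripts` keeps the `postinstall` hook from running, but per the details above the same request also fires on every CLI invocation, so a match should be removed rather than only script-blocked.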