MAL-2026-5484

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sequential-thinking/MAL-2026-5484.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5484
Published
2026-06-09T20:34:37Z
Modified
2026-06-09T21:01:36.679556091Z
Summary
Malicious code in mcp-server-sequential-thinking (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed)

Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node index.js' and a bin entry mapping mcp-server-sequential-thinking to ./index.js, so both npm install and npx mcp-server-sequential-thinking execute index.js automatically. index.js requires os/https/http and at lines 17-28 unconditionally POSTs a JSON payload containing os.hostname(), process.cwd(), the npm user-agent, the Node version, and os.platform()/arch to https://npx-canary-log.vulnerable-live.workers.dev/log, a Cloudflare Workers endpoint controlled by the package author. The payload includes a trigger field that distinguishes postinstall from bin-exec invocations, confirming that the author intends to harvest both pathways. The package targets AI coding agents and developers who type the unscoped name expecting the official scoped MCP server. Although the README frames this as 'canary' research, installers do not consent, and host identifiers leave the machine for an attacker-controlled destination at install time.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-09T20:34:37Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed",
            "id": "IN-MAL-2026-005227",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:56.853086142Z"
        },
        {
            "modified_time": "2026-06-09T20:34:38Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "c6b6ef058742c357434254e0056d5cd1ce6f87c0cfa3087469621cd2a81ef95b",
            "id": "IN-MAL-2026-005228",
            "source": "amazon-inspector",
            "import_time": "2026-06-09T20:45:57.012304685Z"
        }
    ]
}
References
Credits

Affected packages

npm / mcp-server-sequential-thinking

Package

Name
mcp-server-sequential-thinking
Purl
pkg:npm/mcp-server-sequential-thinking

Affected ranges

Affected versions

0.*
0.0.1

Database specific

indicators
{
    "domains": [
        "npx-canary-log.vulnerable-live.workers.dev"
    ],
    "evidence_files": [
        {
            "sha256": "b8079eafb4b163288f370094b02d8420cfe69e12ed08e0d8dc31c66f83941f35",
            "tlsh": "c83198d180f805351bfe46d3e1e9a859a36ff1363a0678f0b45d01591fcd4980771cd1",
            "path": "index.js"
        },
        {
            "sha256": "66e204e5409da309d0f1c0b4eac2f3f2ecef4df72befe42cc03bc20efe762e40",
            "tlsh": "16f00e20d8f0a4330afe86a51876b444f17dab665780bc2853d7201dca4c9bb07bf29c",
            "path": "package.json"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-pHvlcZdLzRFxxctvdZOpLfK2jme+U9jfy30SLLJHtRpBJwZ6WZtAStOkfEMSZqT9OBNWPdRmx4Cv0oJTW+vXqg==",
                "sha1": "575bafb74c14226bf0f19764bb4d4e4729eb1b03"
            },
            "filename": "mcp-server-sequential-thinking-0.0.1.tgz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sequential-thinking/MAL-2026-5484.json"