MAL-2026-6236

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/query-profile/MAL-2026-6236.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6236
Published
2026-06-20T08:55:46Z
Modified
2026-07-08T17:16:55.035629123Z
Summary
Malicious code in query-profile (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe)

This package's metadata and README openly declare it as a dependency-confusion proof-of-concept that registers a PyPI name referenced in Apple's ml-health-query-profiles tutorial. The current payload is inert: init.py only sets version and main.py prints a notice — no network calls, no subprocess execution, no file or credential access at install or import time. However, anyone following the upstream tutorial that references this package name would silently pull this PoC into their environment. Although the present version is benign, the registered name occupies a namespace slot that a third party referenced, and any future version published under this name would automatically reach those installers. Routing to human review so an adjudicator can decide whether the PoC nature warrants a public advisory and whether the upstream tutorial reference needs coordination.

Source: kam193 (9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.


Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Source: ossf-package-analysis (668684938d648f2835b9065f86e06d3815d9c81999a32e50b6ffe61942bd7015)

The OpenSSF Package Analysis project identified 'query-profile' @ 0.0.3 (pypi) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-20T08:58:27.447063Z",
            "versions": [
                "0.0.1",
                "0.0.2",
                "0.0.3"
            ],
            "sha256": "9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1",
            "id": "pypi/GENERIC-standard-pypi-install-pentest/query-profile",
            "source": "kam193",
            "import_time": "2026-06-20T09:41:12.89494755Z"
        },
        {
            "modified_time": "2026-06-20T09:00:58Z",
            "versions": [
                "0.0.3"
            ],
            "sha256": "668684938d648f2835b9065f86e06d3815d9c81999a32e50b6ffe61942bd7015",
            "import_time": "2026-06-20T09:41:09.49557541Z",
            "source": "ossf-package-analysis"
        },
        {
            "modified_time": "2026-06-20T08:55:46Z",
            "versions": [
                "0.0.2"
            ],
            "sha256": "b09610327ce9bc65f6ccb9e068cb5b710272846418445fcb3cfa6579a5d633da",
            "import_time": "2026-06-20T09:41:09.378992505Z",
            "source": "ossf-package-analysis"
        },
        {
            "modified_time": "2026-07-08T16:34:55Z",
            "versions": [
                "0.0.1"
            ],
            "sha256": "7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe",
            "import_time": "2026-07-08T17:01:34.84125903Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-008154"
        }
    ]
}
References
Credits

Affected packages

PyPI / query-profile

Package

Affected ranges

Affected versions

0.*
0.0.1
0.0.2
0.0.3

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "a7f09e73578b6a658c61bb60a96857c7ec7ab02e31101964b2d7c0c8985e4cac3e147b",
            "sha256": "d1b271c71b4141d2577c7465405bc249469ed55375cef17336a2918bb139fce4",
            "path": "pyproject.toml"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "md5": "f336ddb264266abf09df92eec57543f3",
                "sha256": "10544c1fc884d3196be616a8299482a90360d2baa552a9a7325ef447deb8a86a",
                "blake2b_256": "6c07c2e44cf77743ce0470be124a619d27cfa08877f4cbf241bf65e1a411ce90"
            },
            "filename": "query_profile-0.0.1-py3-none-any.whl"
        },
        {
            "hashes": {
                "md5": "40ac99644160158e35253276674b08b2",
                "sha256": "4155304e57e706ebce3761edf51837b6a4cd07183643c4ce137b8a7441fa4392",
                "blake2b_256": "740aa3fe2199be19c0a739f67c0047c2417ff66c94ff0609855920f1d8ef6cb5"
            },
            "filename": "query_profile-0.0.1.tar.gz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/query-profile/MAL-2026-6236.json"