MAL-2026-7314

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/logfuse/MAL-2026-7314.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-7314
Published
2026-07-07T12:57:52Z
Modified
2026-07-09T22:17:02.329326975Z
Summary
Malicious code in logfuse (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (259fc8b205e41dea32af006c7eaa325f0d1cca2421c668b778b8d2559d8ec900)

The package was found to contain malicious code or consuming dependency that contains malicious code

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "2.1.6"
            ],
            "id": "RLMA-2026-05145",
            "import_time": "2026-07-09T09:16:37.47455641Z",
            "sha256": "389e75ed90c0c82ffc717d29b97dd7b368dc458cdfa0005440be404baef1c971",
            "modified_time": "2026-07-07T12:57:52Z",
            "source": "reversing-labs"
        },
        {
            "sha256": "259fc8b205e41dea32af006c7eaa325f0d1cca2421c668b778b8d2559d8ec900",
            "id": "IN-MAL-2026-009409",
            "import_time": "2026-07-09T22:02:28.375640612Z",
            "modified_time": "2026-07-09T21:51:42Z",
            "versions": [
                "2.1.6"
            ],
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / logfuse

Package

Affected ranges

Affected versions

2.*
2.1.6

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "logfuse-2.1.6.tgz",
            "hashes": {
                "sha512_sri": "sha512-E1wgtNiNzkM4RuXbanyYHeqj5wRt+ucOvh04rfFXg/OzEfnSuE1XSQAU/sac5I/bdvzfcuRgESQmDlZCScZ4aA==",
                "sha1": "21a87867a46990d32eaa4ac3e15da5ef03a843f7"
            }
        }
    ]
}
cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/logfuse/MAL-2026-7314.json"