{"id":"MAL-2026-10751","summary":"Malicious code in vanexa-agent (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803)\nWhen the daemon is started (`vanexa-agent start`), it opens a WebSocket to the hardcoded relay `wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/\u003csessionId\u003e` and dispatches incoming `task_request` messages into an AgentLoop whose `terminal.exec` tool spawns `/bin/bash -c \u003ccommand\u003e` on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as `sessionId` (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. `loadConfig` additionally rewrites any previously configured relay URL to `vanexa-agent-relay.hanazaki542.workers.dev`, a personal-looking `*.workers.dev` subdomain that does not match the `vanexa.app` branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.\n","modified":"2026-07-16T19:20:01.369810257Z","published":"2026-07-16T18:39:20Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-07-16T18:54:01.762217474Z","modified_time":"2026-07-16T18:39:20Z","sha256":"433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803","source":"amazon-inspector","versions":["1.1.10"],"id":"IN-MAL-2026-010733"},{"import_time":"2026-07-16T18:54:01.996192715Z","modified_time":"2026-07-16T18:40:04Z","sha256":"ceb12856926d98ac98f1e81e0ad83b749eeeea08be8e53e61d5374f1492589dc","source":"amazon-inspector","versions":["1.1.9"],"id":"IN-MAL-2026-010738"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/vanexa-agent/v/1.1.10"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/vanexa-agent/v/1.1.9"}],"affected":[{"package":{"name":"vanexa-agent","ecosystem":"npm","purl":"pkg:npm/vanexa-agent"},"versions":["1.1.10","1.1.9"],"database_specific":{"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"hashes":{"sha1":"852e2760a6a0c40dd1a66e8ef46df48daf1ea5c3","sha512_sri":"sha512-pETjG0NEMvZMihmDi59TW/8gihD2smQaUr+OQsBFVT/xHizd0szNX4T6ie7fVvJYQLiRT2s2LMBquKB9uHB6Pg=="},"filename":"vanexa-agent-1.1.10.tgz"}],"evidence_files":[{"path":"src/daemon.js","sha256":"ca7b68cf8ea60ec6b2085bf6ed0cbd970405bcb4a597d8e0a090030f96594364","tlsh":"4202630a48f730a95073957dbb4b20153a349503230def85f94d23b69f84ba45de27ee"},{"path":"src/pairing.js","sha256":"e4a1974816f948ffc5223bdcc1969896fb9921180dbfb01e381002b8360cdfca","tlsh":"56416e5728f62978007360a24f9b803976349a032354fb59fe4da33a9fc5a65d7233ed"},{"path":"src/config.js","sha256":"cd52177ac45b811c01c4ad17f7a7a39f00a1e403a85ea3933b70a53bbf663fb7","tlsh":"5051635b3eda563142a1b29a872f650c7632e203b198fe90f19d27e63fde41c51236b4"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vanexa-agent/MAL-2026-10751.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}