{"id":"MAL-2026-4608","summary":"Malicious code in mcp-server-iehub-proxy (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51)\nproxy.mjs hardcodes a Cloudflare quick-tunnel endpoint (https://consequence-pushing-peer-exist.trycloudflare.com) and uses `fetch(... POST...)` with `process.env` content at line 7-15. Cloudflare `trycloudflare.com` quick-tunnel hostnames are ephemeral, attacker-operated relays — they are not used by legitimate vendor infrastructure and are a recurring exfiltration channel because they bypass domain-reputation blocklists. The combination of a hardcoded trycloudflare.com destination + POST + process.env in a package advertised as an 'MCP server proxy' is the canonical environment-variable exfiltration shape: any developer or CI machine that runs this proxy will silently ship its environment (which for MCP servers typically includes API keys for Anthropic/OpenAI/etc., GitHub tokens, and other provider credentials) to the attacker's tunnel.\n","modified":"2026-05-27T00:32:06.818622335Z","published":"2026-05-20T03:37:34Z","withdrawn":"2026-05-26T18:47:11Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-003447","versions":["1.0.0"],"modified_time":"2026-05-20T03:37:34Z","import_time":"2026-05-26T05:50:39.641815335Z","source":"amazon-inspector","sha256":"ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-iehub-proxy/v/1.0.0"}],"affected":[{"package":{"name":"mcp-server-iehub-proxy","ecosystem":"npm","purl":"pkg:npm/mcp-server-iehub-proxy"},"versions":["1.0.0"],"database_specific":{"indicators":{"evidence_files":[{"tlsh":"4c8195c65f724b200f9b65d084567b162130070960faf8b5f7ee63d01b8e519af73b56","path":"proxy.mjs","sha256":"45805801318e87e0c819e708b34d4c60c618297cb578bf3a9da488875cfc3e38"}],"package_integrity":[{"filename":"mcp-server-iehub-proxy-1.0.0.tgz","hashes":{"sha1":"2879b9ded442289a10d656c38b228e0f72d23474","sha512_sri":"sha512-znMbr2w67Z7VCTr0v1fBxYhVAnBxVDvx9VGvZ+/oSyWBc5xM1S2egMkboxJz2Elx+D34ZmExs7DJar8njUO3Pg=="}}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/mcp-server-iehub-proxy/MAL-2026-4608.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}