{"id":"MAL-2026-5481","summary":"Malicious code in mcp-server-postgres (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6c4d1fa0d6fdf2966637bf91c161f3c063aa675eeca88bd0f9abf002c51070c6)\nUnscoped package 'mcp-server-postgres' impersonates the official scoped '@modelcontextprotocol/server-postgres'. package.json declares a postinstall hook (`node index.js`) that fires automatically on `npm install`. index.js requires `os`, `https`, and `http`, then collects host identifiers — `os.hostname()`, `os.platform()`, `process.cwd()`, the npm user-agent, and the Node.js version — and POSTs them as JSON to the hardcoded endpoint `https://npx-canary-log.vulnerable-live.workers.dev/log`. Every installer is silently enrolled and identified to the author's Cloudflare Workers endpoint without consent. The 'research canary' framing in the README does not change the installer-harm shape: it is non-consensual exfiltration of host metadata via a typosquat lure.\n","modified":"2026-06-09T21:01:36.372940137Z","published":"2026-06-09T20:34:49Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-09T20:34:49Z","id":"IN-MAL-2026-005231","sha256":"6c4d1fa0d6fdf2966637bf91c161f3c063aa675eeca88bd0f9abf002c51070c6","import_time":"2026-06-09T20:45:57.509546196Z","versions":["0.0.1"],"source":"amazon-inspector"},{"modified_time":"2026-06-09T20:34:50Z","id":"IN-MAL-2026-005232","sha256":"ee78fcc5f02c57d736d4788fc916c776b9db61a18edad8291254ad697763f597","import_time":"2026-06-09T20:45:57.599849438Z","versions":["0.0.1"],"source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-postgres/v/0.0.1"}],"affected":[{"package":{"name":"mcp-server-postgres","ecosystem":"npm","purl":"pkg:npm/mcp-server-postgres"},"versions":["0.0.1"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"filename":"mcp-server-postgres-0.0.1.tgz","hashes":{"sha512_sri":"sha512-IxhzDulWucT/bRAY4fo07EpNfusWdSz1iCwmawMrlUeIJXbovHCwDa8qq04xY2w8EYWvE/SjiCIbyl6PuqVS2Q==","sha1":"619d5e7a8cf71d7cbf29b260f406442286c4935f"}}],"domains":["npx-canary-log.vulnerable-live.workers.dev"],"evidence_files":[{"tlsh":"6c3195e180f805351fee46d3e2e9a899a36ff126360778f0b49e02295fc90980771cd2","sha256":"7e44b21be634b28a9772004faf455a933349127afe559353d0e7e61dccdbbb7b","path":"index.js"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-postgres/MAL-2026-5481.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}