MAL-2026-5482
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-redis/MAL-2026-5482.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2026-5482
- Published
- 2026-06-09T20:34:45Z
- Modified
- 2026-06-12T20:01:43.755706868Z
- Summary
- Malicious code in mcp-server-redis (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd)
Package claims the unscoped name
mcp-server-redisto interceptnpx mcp-server-redisinvocations intended for the legitimate MCP Redis server ecosystem.package.jsondeclaresscripts.postinstall: node index.js, so onnpm installthe package automatically executes index.js, which collects host identifiers viaos.hostname(),os.platform(),process.cwd(),process.env.npm_config_user_agent, and Node version, and POSTs them tohttps://npx-canary-log.vulnerable-live.workers.dev/log(hardcoded at index.js:16). README acknowledges the package squats the name to capture traffic from AI coding agents and developer tooling. Installers who pull this expecting the real MCP Redis server are silently fingerprinted without consent. Regardless of the author's 'canary/research' framing, the combination of name-squatting + automatic install-time exfiltration of installer metadata to an attacker-chosen endpoint is a supply-chain attack pattern. - Database specific
{ "malicious-packages-origins": [ { "modified_time": "2026-06-09T20:34:45Z", "source": "amazon-inspector", "sha256": "2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86", "id": "IN-MAL-2026-005229", "versions": [ "0.0.1" ], "import_time": "2026-06-09T20:45:57.161859612Z" }, { "modified_time": "2026-06-09T20:34:45Z", "source": "amazon-inspector", "sha256": "f4a4d371479bb5a292f632f9afc8661c13142c51f347d3013cc5dceca8ce46ab", "id": "IN-MAL-2026-005230", "import_time": "2026-06-09T20:45:57.396545442Z", "versions": [ "0.0.1" ] }, { "modified_time": "2026-06-12T19:04:38Z", "source": "amazon-inspector", "sha256": "b6d87b7f9e47dd6abfb85badcb819ef44b8f6a3e8fa20439709e7bf7606b3532", "id": "IN-MAL-2026-005906", "versions": [ "0.0.2" ], "import_time": "2026-06-12T19:43:46.198451021Z" }, { "modified_time": "2026-06-12T19:04:38Z", "source": "amazon-inspector", "sha256": "c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd", "id": "IN-MAL-2026-005905", "versions": [ "0.0.2" ], "import_time": "2026-06-12T19:43:46.101530937Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / mcp-server-redis
Package
- Name
- mcp-server-redis
- View open source insights on deps.dev
- Purl
- pkg:npm/mcp-server-redis
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-redis/MAL-2026-5482.json"
cwes
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
indicators
{
"package_integrity": [
{
"filename": "mcp-server-redis-0.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-sBrOVZIhwXu8Aau/1R5gG4hPmohwTzfcCyUlJiEa2jmUebEZtveqqGZJBuAOvj80mLCz9HCHXHI7rAeQOh7TYA==",
"sha1": "c2b0b566c31fdb57fb46bdb2f0b886f2732bef3a"
}
}
],
"evidence_files": [
{
"sha256": "be03db8da037601b49370ecd884f19a126fc696d0a7eccf8d3672a135dd3c952",
"tlsh": "b63195e180f805361bfe46d3e2e9a899a36ff126360678f0b45e02695fcd4980771cd2",
"path": "index.js"
},
{
"sha256": "72085414e00cf1b368dedbac5c2ea133e9a259a597908cce1ef0edd5288bd3f8",
"tlsh": "d221a32383c1a33a03d34836394976b2ab7ab0b4738210b4fadd154ffa4ac2943730d6",
"path": "README.md"
}
],
"domains": [
"npx-canary-log.vulnerable-live.workers.dev"
]
}