MAL-2026-5483
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sentry/MAL-2026-5483.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2026-5483
- Published
- 2026-06-09T20:33:56Z
- Modified
- 2026-06-12T20:01:43.875035435Z
- Summary
- Malicious code in mcp-server-sentry (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046)
On
npm install, the package's postinstall hook (scripts.postinstall:node index.js) collects host identifiers —os.hostname(),process.cwd(), the npm user-agent, Node version, andos.platform()/arch — and POSTs them to a hardcoded remote endpoint athttps://npx-canary-log.vulnerable-live.workers.dev/logwithout any installer consent or opt-out. The package namemcp-server-sentryis an unscoped squat targeting the MCP/Sentry naming convention used by AI coding agents and developer tooling that invokenpx mcp-server-sentryexpecting an official MCP server; the README confirms the package was published to capture traffic resolving this unclaimed name. The combination of an intentional name-squat plus install-time outbound transmission of installer identifiers (hostname + working-directory paths, which routinely leak usernames and project layouts) to an author-controlled Cloudflare Workers endpoint is a supply-chain exfiltration shape, regardless of the author's stated 'research canary' intent — installers receive no disclosure and no opportunity to decline before the beacon fires. - Database specific
{ "malicious-packages-origins": [ { "modified_time": "2026-06-09T20:33:56Z", "source": "amazon-inspector", "sha256": "8958cba33d604713291f4f6c0a036afbf1e87ad5a4f07208e65b8b6c0c8925cd", "id": "IN-MAL-2026-005222", "import_time": "2026-06-09T20:45:56.271164213Z", "versions": [ "0.0.1" ] }, { "modified_time": "2026-06-09T20:33:56Z", "source": "amazon-inspector", "sha256": "cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046", "id": "IN-MAL-2026-005221", "import_time": "2026-06-09T20:45:56.113242468Z", "versions": [ "0.0.1" ] }, { "modified_time": "2026-06-12T19:08:05Z", "source": "amazon-inspector", "sha256": "425687b3f3b3b2b66b87fc41473eeb1b8cc1ad435d9d3c8f9ba04e9bd4bd2900", "id": "IN-MAL-2026-006069", "versions": [ "0.0.2" ], "import_time": "2026-06-12T19:44:04.390139565Z" }, { "modified_time": "2026-06-12T19:08:06Z", "source": "amazon-inspector", "sha256": "d60e168b4e5a5d37ecf2e06734c5eea1440ebc8a224e6789b4b5b635e160cff2", "id": "IN-MAL-2026-006070", "versions": [ "0.0.2" ], "import_time": "2026-06-12T19:44:04.475922458Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / mcp-server-sentry
Package
- Name
- mcp-server-sentry
- View open source insights on deps.dev
- Purl
- pkg:npm/mcp-server-sentry
Database specific
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-sentry/MAL-2026-5483.json"
cwes
[
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
},
{
"name": "Embedded Malicious Code",
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature."
}
]
indicators
{
"package_integrity": [
{
"filename": "mcp-server-sentry-0.0.1.tgz",
"hashes": {
"sha512_sri": "sha512-2lKbHqncUy77jU2CDqWm5GhYi+/KNDO/DlFcE14v6nRPKbfV+oKXd9NTGIoZqsERKNrVhn3+D6ZBmBMas1s6Jg==",
"sha1": "bb35a4f090eb1ef8833d9a90bafefeec099dd6b3"
}
}
],
"evidence_files": [
{
"sha256": "36cd93aa9a8ac8a0b6d64e4ef03aa5c3efd6d9f6f0b7434392475f8a2fed6877",
"tlsh": "f33195e180f805351bee46d3e1e9a899a36ff1263a0678f4b45e02295fcd49807b1cd2",
"path": "index.js"
},
{
"sha256": "c276523e95d9666c73752d3ec82def504a1429a6909eec82daa1b1927e464c84",
"tlsh": "9021717393d1733a03d24a363944b6626b3e70b5734210a8f69d060eeb4282a83b30d6",
"path": "README.md"
}
],
"domains": [
"npx-canary-log.vulnerable-live.workers.dev"
]
}