VDB
KO

MAL-2026-6728

Malicious code in dt-validator (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (0fc0256380d811cdce05ffa9c3644a5f7e4ebd6f7acfce0f955935b42449b17a) Code contains a function to execute remote code, which at the time of analysis was extracting the "auth_user" table from Django DB. The remote code execution is partially documented and disguised with multiple warnings, but a) the 'convenience function' uses a hardcoded endpoint and loads results to the global namespace, b) the warnings are silenced by default.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-dt-validator

Reasons (based on the campaign):

- Downloads and executes a remote malicious script.

- action-hidden-in-lib-usage

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / dt-validator

No fixed version published yet for dt-validator (pip). Pin to a known-safe version or switch to an alternative.

References