VDB
EN

MAL-2026-10751

Malicious code in vanexa-agent (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803) When the daemon is started (`vanexa-agent start`), it opens a WebSocket to the hardcoded relay `wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId>` and dispatches incoming `task_request` messages into an AgentLoop whose `terminal.exec` tool spawns `/bin/bash -c <command>` on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as `sessionId` (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. `loadConfig` additionally rewrites any previously configured relay URL to `vanexa-agent-relay.hanazaki542.workers.dev`, a personal-looking `*.workers.dev` subdomain that does not match the `vanexa.app` branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / vanexa-agent

No fixed version published yet for vanexa-agent (npm). Pin to a known-safe version or switch to an alternative.

참고