MAL-2026-10751
Malicious code in vanexa-agent (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803) When the daemon is started (`vanexa-agent start`), it opens a WebSocket to the hardcoded relay `wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId>` and dispatches incoming `task_request` messages into an AgentLoop whose `terminal.exec` tool spawns `/bin/bash -c <command>` on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as `sessionId` (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. `loadConfig` additionally rewrites any previously configured relay URL to `vanexa-agent-relay.hanazaki542.workers.dev`, a personal-looking `*.workers.dev` subdomain that does not match the `vanexa.app` branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for vanexa-agent (npm). Pin to a known-safe version or switch to an alternative.