mal-2026-3177
Vulnerability from ossf_malicious_packages
Published: 2026-04-29 10:00
Modified: 2026-04-30 22:32
Summary
Malicious code in @cap-js/postgres (npm)
Details

Supply chain compromise of legitimate SAP packages published by threat actor "cloudmtabot@gmail.com" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs (4.4 KB) and execution.js (11.1 MB) bundled in the tarball, with a preinstall hook of "node setup.mjs". Notably, setup.mjs is explicitly excluded from the package.json 'files' allowlist yet is still shipped in the tarball — a manifest evasion technique intended to hide the malicious file from allowlist inspection while still executing it on install. execution.js (11.1 MB) is anomalously large for these packages and is consistent with an embedded payload or exfiltration binary. Packages were published 2026-04-29T09:55Z.

@cap-js/postgres is the PostgreSQL database adapter for SAP's Cloud Application Programming (CAP) model. Its presence in CI/CD pipelines gives the payload access to database credentials and build environment secrets.
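The fingerprint described above (an install hook, a file shipped in the tarball although absent from the package.json "files" allowlist, and an anomalously large bundled file) can be checked mechanically before a package is installed. The following is an added example, not code from the advisory or from SAP; the package manifest and tarball listing are constructed to mirror the described fingerprint, and the tarball entries are assumed to have their "package/" prefix already stripped.

```javascript
// Added example (not part of the advisory): audit a package manifest plus the tarball's
// file listing for the three indicators the advisory describes. Package contents below
// are constructed for illustration, not the real @cap-js/postgres tarball.
// Very small matcher for "files" allowlist entries: exact paths, directories, "*.ext" globs.
function matchesAllowlist(file, entry) {
  const e = entry.replace(/^\.\//, "").replace(/\/$/, "");
  if (e === file || file.startsWith(e + "/")) return true;
  if (e.startsWith("*.")) return file.endsWith(e.slice(1));
  return false;
}

// npm ships package.json, README/LICENSE/CHANGELOG and the "main" file regardless of "files".
function alwaysIncluded(file, pkg) {
  const base = file.split("/").pop().toLowerCase();
  if (file === "package.json") return true;
  if (/^(readme|license|licence|changelog)(\..*)?$/.test(base)) return true;
  return Boolean(pkg.main) && file === pkg.main.replace(/^\.\//, "");
}

// tarballFiles: [{ name, size }] with the tarball's "package/" prefix already stripped.
function auditPackage(pkg, tarballFiles, largeBytes = 5 * 1024 * 1024) {
  const findings = [];
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ kind: "install-hook", hook, cmd: pkg.scripts[hook] });
    }
  }
  for (const { name, size } of tarballFiles) {
    // A file present in the tarball but not covered by "files" is the manifest-evasion pattern.
    if (Array.isArray(pkg.files) && !alwaysIncluded(name, pkg) &&
        !pkg.files.some((e) => matchesAllowlist(name, e))) {
      findings.push({ kind: "outside-files-allowlist", file: name });
    }
    if (size >= largeBytes) findings.push({ kind: "oversized-file", file: name, size });
  }
  return findings;
}

// Constructed sample mirroring the fingerprint in the advisory (hypothetical package name).
const SAMPLE_PKG = {
  name: "@example/adapter", main: "lib/index.js", files: ["lib", "*.cds"],
  scripts: { preinstall: "node setup.mjs", test: "mocha" },
};
const SAMPLE_TARBALL = [
  { name: "package.json", size: 900 }, { name: "README.md", size: 3000 },
  { name: "lib/index.js", size: 12000 }, { name: "setup.mjs", size: 4400 },
  { name: "execution.js", size: 11100000 },
];
console.log(auditPackage(SAMPLE_PKG, SAMPLE_TARBALL));
```

On a real package the listing would come from `npm pack --dry-run --json` or from `tar -tvf` on the downloaded tarball; the allowlist matcher here is deliberately minimal and does not implement npm's full glob semantics.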


-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (38808eb534a2ed04b732a3acb7e4f8bd0aae8c2d64123d611a6565d5ce9440dd)

The package @cap-js/postgres was found to contain malicious code.

Source: ghsa-malware (d5d183f241500547c1956a14e7abd4ef842eaa0040900ccd3eff80b1ae046405)

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

CWE
  • CWE-506 - The product contains code that appears to be malicious in nature.
Credits
  • Amazon Inspector (actran@amazon.com)
  • SafeDep (safedep.io)

{
  "affected": [
    {
      "database_specific": {
        "cwes": [
          {
            "cweId": "CWE-506",
            "description": "The product contains code that appears to be malicious in nature.",
            "name": "Embedded Malicious Code"
          }
        ]
      },
      "package": {
        "ecosystem": "npm",
        "name": "@cap-js/postgres"
      },
      "versions": [
        "2.2.2"
      ]
    }
  ],
  "aliases": [
    "GHSA-7vv3-r527-wvjr"
  ],
  "credits": [
    {
      "contact": [
        "actran@amazon.com"
      ],
      "name": "Amazon Inspector",
      "type": "FINDER"
    },
    {
      "contact": [
        "https://safedep.io"
      ],
      "name": "SafeDep",
      "type": "FINDER"
    }
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "id": "GHSA-7vv3-r527-wvjr",
        "import_time": "2026-04-30T16:46:55.471035306Z",
        "modified_time": "2026-04-30T16:39:03Z",
        "sha256": "d5d183f241500547c1956a14e7abd4ef842eaa0040900ccd3eff80b1ae046405",
        "source": "ghsa-malware",
        "versions": [
          "2.2.2"
        ]
      },
      {
        "import_time": "2026-04-30T22:23:13.994356934Z",
        "modified_time": "2026-04-30T21:59:18Z",
        "sha256": "38808eb534a2ed04b732a3acb7e4f8bd0aae8c2d64123d611a6565d5ce9440dd",
        "source": "amazon-inspector",
        "versions": [
          "2.2.2"
        ]
      }
    ]
  },
  "details": "Supply chain compromise of legitimate SAP packages published by threat actor \"cloudmtabot@gmail.com\" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs (4.4 KB) and execution.js (11.1 MB) bundled in the tarball, with a preinstall hook of \"node setup.mjs\". Notably, setup.mjs is explicitly excluded from the package.json \u0027files\u0027 allowlist yet is still shipped in the tarball \u2014 a manifest evasion technique intended to hide the malicious file from allowlist inspection while still executing it on install. execution.js (11.1 MB) is anomalously large for these packages and is consistent with an embedded payload or exfiltration binary. Packages were published 2026-04-29T09:55Z.\n\n@cap-js/postgres is the PostgreSQL database adapter for SAP\u0027s Cloud Application Programming (CAP) model. Its presence in CI/CD pipelines gives the payload access to database credentials and build environment secrets.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (38808eb534a2ed04b732a3acb7e4f8bd0aae8c2d64123d611a6565d5ce9440dd)\nThe package @cap-js/postgres was found to contain malicious code.\n\n## Source: ghsa-malware (d5d183f241500547c1956a14e7abd4ef842eaa0040900ccd3eff80b1ae046405)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n",
  "id": "MAL-2026-3177",
  "modified": "2026-04-30T22:32:07Z",
  "published": "2026-04-29T10:00:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://safedep.io/mini-shai-hulud-and-sap-compromise/"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-7vv3-r527-wvjr"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in @cap-js/postgres (npm)"
}

