MAL-2026-10662: Malicious code in ssweb-wp (npm)
The npm package ssweb-wp version 1.0.0 contains malicious code or depends on a malicious package. Installation or execution of this package can lead to full compromise of the affected system. Secrets and keys stored on the compromised system should be rotated immediately from a different, trusted machine. Removing the package alone may not fully eliminate the malicious presence, as the attacker may have established persistent control.
AI Analysis
Technical Summary
The ssweb-wp package version 1.0.0 in the npm ecosystem was identified as containing malicious code or relying on a malicious dependency. According to the source advisories, any system with this package installed or running should be considered fully compromised. The malicious code may allow attackers to gain complete control over the system, potentially exposing all stored secrets and keys. Immediate remediation involves rotating all credentials from a secure environment and removing the package, although full eradication of the threat cannot be guaranteed due to possible persistent compromise.
Potential Impact
Systems with ssweb-wp version 1.0.0 installed are at risk of full compromise, including unauthorized access to all stored secrets and keys. The malicious code can lead to complete loss of system integrity and confidentiality. The presence of this package implies that attackers may have established persistent control, making the environment unsafe until fully remediated.
Mitigation Recommendations
Remove the ssweb-wp package version 1.0.0 immediately. Rotate all secrets and keys from a secure, uncompromised system. Due to the likelihood of persistent compromise, consider rebuilding or thoroughly cleaning affected systems. No official patch or fix is available; remediation relies on removal and credential rotation.
MAL-2026-10662: Malicious code in ssweb-wp (npm)
Description
The npm package ssweb-wp version 1.0.0 contains malicious code or depends on a malicious package. Installation or execution of this package can lead to full compromise of the affected system. Secrets and keys stored on the compromised system should be rotated immediately from a different, trusted machine. Removing the package alone may not fully eliminate the malicious presence, as the attacker may have established persistent control.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The ssweb-wp package version 1.0.0 in the npm ecosystem was identified as containing malicious code or relying on a malicious dependency. According to the source advisories, any system with this package installed or running should be considered fully compromised. The malicious code may allow attackers to gain complete control over the system, potentially exposing all stored secrets and keys. Immediate remediation involves rotating all credentials from a secure environment and removing the package, although full eradication of the threat cannot be guaranteed due to possible persistent compromise.
Potential Impact
Systems with ssweb-wp version 1.0.0 installed are at risk of full compromise, including unauthorized access to all stored secrets and keys. The malicious code can lead to complete loss of system integrity and confidentiality. The presence of this package implies that attackers may have established persistent control, making the environment unsafe until fully remediated.
Mitigation Recommendations
Remove the ssweb-wp package version 1.0.0 immediately. Rotate all secrets and keys from a secure, uncompromised system. Due to the likelihood of persistent compromise, consider rebuilding or thoroughly cleaning affected systems. No official patch or fix is available; remediation relies on removal and credential rotation.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10662
- Osv Schema Version
- 1.7.4
- Aliases
- ["GHSA-mcxp-9g3h-6rjx"]
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a577ed268715ace43b3f7aa
Added to database: 07/15/2026, 12:36:34 UTC
Last enriched: 07/15/2026, 12:43:31 UTC
Last updated: 07/15/2026, 13:47:04 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.