Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

MAL-2026-6926: Malicious code in paysafe-api (PyPI)

0
High
Published: 07/07/2026 (07/07/2026, 15:21:28 UTC)
Source: GCVE Database
Product: paysafe-api

Description

The paysafe-api package version 1.0.0 on PyPI contains malicious code that exfiltrates basic data and parts of sensitive environment variables to a remote host. It employs obfuscation techniques and detects sandbox environments to evade analysis. This package is involved in a dependency confusion campaign and hides malicious actions within its library usage.

Affected software

PyPIghsa
paysafe-api
Affected versions
=1.0.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/08/2026, 13:41:48 UTC

Technical Analysis

The paysafe-api PyPI package version 1.0.0 is identified as malicious software that, when used, executes code to exfiltrate environment variables and other basic data to an external server. The package uses obfuscation and sandbox detection to avoid detection and analysis. It is part of a dependency confusion attack campaign, where attackers publish malicious packages with names similar to legitimate ones to trick users into installing them. No CVSS score is assigned, and no official patch or remediation is indicated in the data.

Potential Impact

Users who install and use paysafe-api version 1.0.0 risk having sensitive environment variables and basic system data exfiltrated to a remote attacker-controlled host. This can lead to credential leakage, unauthorized access, and further compromise of the affected systems. The malicious code's sandbox detection and obfuscation increase the difficulty of detection and analysis.

Mitigation Recommendations

Since no official patch or remediation is provided, users should immediately cease using paysafe-api version 1.0.0 and remove it from their environments. Avoid installing packages from untrusted sources and verify package authenticity before use. Monitor for any signs of compromise related to this package. Patch status is not yet confirmed — check the vendor advisory or PyPI security advisories for updates.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
MAL-2026-6926
Osv Schema Version
1.7.4
Aliases
[]
Ecosystems
["PyPI"]
Database Specific Severity
null
Cvss Version
null

Threat ID: 6a4e4ee9c9d9e3dbe3289cd6

Added to database: 07/08/2026, 13:21:45 UTC

Last enriched: 07/08/2026, 13:41:48 UTC

Last updated: 07/08/2026, 13:41:48 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses