@forjacms/sections

MAL-2026-5207

npmbackdoor6/5/2026

Description

Malicious code in @forjacms/sections (npm)

Indicators of Compromise

SHA256 Hashes (1)

a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb

References (2)

https://www.endorlabs.com/learn/malicious-payload-in-ai-sdk-ollama-npm-packageOSV https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-wormOSV

Details

Ecosystemnpm

Attack Typebackdoor

Published6/5/2026

Quick Actions

All Incidents npm Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001