microsoft-cms-client

MAL-2026-978

npmmalware2/21/2026
Description

Malicious code in microsoft-cms-client (npm)

Indicators of Compromise
SHA256 Hashes (4)
e9889a2174513f47081da525d2623e6dd49287cfbbfd67f32dfaac0a984a6080
f7b294b7687450dc84fbfd0d8f7ae1e91005b3262c02776a00ce7b8fac699531
c507e9ca51bd8797443e8339d9069ce7a53d5b16d99e2198f6f856fcfa5a1ecf
efa030536229c410fb747117f5c8f0efd026b23b8bba7acf04980267a697cce7
References (1)
https://github.com/advisories/GHSA-xcqv-f95p-vrc9OSV
Details
Ecosystemnpm
Attack Typemalware
Published2/21/2026
Affected Versions
0
Aliases
GHSA-xcqv-f95p-vrc9
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001