Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000623

sonatype-2026-000623

Malicious Packages - Fri Feb 27 2026 [Credential Info Stealer]

Published Feb 27, 2026

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1052.json

CVSS ScoreHigh

7.1

Ecosystem	Package	Version


npm	foundry-node	0.0.1-research
npm	foundry-node	99.0.0-dummy
npm	foundry-toolkit	1.0.0
npm	foundry-toolkit	1.0.10
npm	foundry-toolkit	1.0.11
npm	foundry-toolkit	1.0.12
npm	foundry-toolkit	1.0.13
npm	foundry-toolkit	1.0.14
npm	foundry-toolkit	1.0.15
npm	foundry-toolkit	1.0.16
npm	foundry-toolkit	1.0.17
npm	foundry-toolkit	1.0.18
npm	foundry-toolkit	1.0.19
npm	foundry-toolkit	1.0.1
npm	foundry-toolkit	1.0.20
npm	foundry-toolkit	1.0.2
npm	foundry-toolkit	1.0.3
npm	foundry-toolkit	1.0.4
npm	foundry-toolkit	1.0.5
npm	foundry-toolkit	1.0.6
npm	foundry-toolkit	1.0.7
npm	foundry-toolkit	1.0.8
npm	foundry-toolkit	1.0.9
npm	foundry-toolkit	99.0.0-dummy

sonatype-2026-000623 | Components Impacted | Sonatype Guide | Sonatype Guide