
chore: pattern update 2026.04.15.1 — 5 new rules (PSV-020/021/022, MAL-068, SUP-035) #191

Merged
kurtpayne merged 1 commit into main from chore/pattern-update-20260415-e379
Apr 15, 2026

@kurtpayne
Owner

2026-04-15

rulepack: 2026.04.15.1
Five new detection rules, IOC enrichment, and vuln DB updates covering a systemic MCP STDIO command injection advisory, a Marimo pre-auth RCE, a docker-mcp-server OS command injection, and two malicious npm supply chain packages.

  • Added PSV-020 (critical): MCP STDIO arbitrary command injection via unsanitized adapter configuration (CVE-2026-30623/30624/30616/30617/30618/33224) — OX Security (April 15, 2026) disclosed a systemic MCP STDIO command injection vulnerability affecting LiteLLM (CVE-2026-30623), Agent Zero (CVE-2026-30624), Jaaz (CVE-2026-30616), LangChain-ChatChat (CVE-2026-30617), Fay Digital Human (CVE-2026-30618), Bisheng (CVE-2026-33224), LangFlow, and GPT Researcher. All affected platforms pass user-supplied MCP server command and args values directly to StdioServerParameters without sanitization, enabling authenticated or unauthenticated RCE. Restrict MCP server configuration to trusted administrators and upgrade to patched versions.
  • Added PSV-021 (critical): Marimo reactive notebook pre-auth RCE via unauthenticated WebSocket terminal (CVE-2026-39987, < 0.23.0). CVE-2026-39987 (CVSS 9.3, CWE-306, GHSA-2679-6mx9-h9xc) is a critical pre-authentication RCE in Marimo prior to 0.23.0. The /terminal/ws WebSocket endpoint lacks authentication validation, allowing any unauthenticated attacker to obtain a full PTY shell. Exploited in the wild within 10 hours of disclosure. Upgrade to Marimo 0.23.0 or later immediately.
  • Added PSV-022 (medium): docker-mcp-server OS command injection RCE (CVE-2026-5741, <= 0.1.0). CVE-2026-5741 (CWE-77, CVSS 6.9) is an OS command injection in suvarchal docker-mcp-server up to version 0.1.0. The stop_container(), remove_container(), and pull_image() functions pass user-supplied values directly to shell commands without sanitization. No official patch available. Restrict network access to localhost only.
  • Added MAL-068 (critical): js-logger-pack npm multi-platform WebSocket stealer (postinstall C2 agent) — js-logger-pack is a malicious npm package (SafeDep, April 2026) that evolved into a full-featured multi-platform infostealer over 23 versions. Its postinstall hook deploys an 885 KB obfuscated bundle that installs an SSH backdoor (bink@DESKTOP-N8JGD6T), exfiltrates Telegram tdata, drains 27 crypto wallets and browser credentials, and runs a native keylogger with autostart persistence. C2: ws://195.201.194.107:8010 (api-sub.jrodacooker.dev). Remove immediately and rotate all credentials.
  • Added SUP-035 (critical): dom-utils-lite / centralogger npm SSH backdoor via Supabase C2 — dom-utils-lite and centralogger are malicious npm packages (SafeDep, April 14, 2026) whose postinstall hook fetches the attacker's SSH public key from Supabase storage and appends it to ~/.ssh/authorized_keys ("ssh-key-auto-sync" tag), granting persistent SSH access. C2 domains: xienztiavkygvacpqzgr.supabase.co and ndfcioahsbgsjmulpjgt.supabase.co. Remove both packages, revoke SSH access, and audit authorized_keys.
  • IOC update: added api-sub.jrodacooker.dev, jrodacooker.dev, xienztiavkygvacpqzgr.supabase.co, ndfcioahsbgsjmulpjgt.supabase.co to domain IOC DB; added 195.201.194.107 to IP IOC DB.
  • Vuln DB update: added marimo (CVE-2026-39987, critical, fixed 0.23.0), docker-mcp-server (CVE-2026-5741, medium, no patch), js-logger-pack (MALICIOUS-NPM-2026-0415-JS-LOGGER-PACK, critical), dom-utils-lite (MALICIOUS-NPM-2026-0414-DOM-UTILS-LITE, critical), and centralogger (MALICIOUS-NPM-2026-0414-CENTRALOGGER, critical) to vuln DB.
Sources:
  • OX Security (MCP STDIO systemic advisory): https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/
  • SecurityWeek (MCP STDIO): https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
  • NVD (CVE-2026-39987): https://nvd.nist.gov/vuln/detail/CVE-2026-39987
  • GitHub Advisory (GHSA-2679-6mx9-h9xc): GHSA-2679-6mx9-h9xc
  • Endor Labs (CVE-2026-39987): https://www.endorlabs.com/learn/root-in-one-request-marimos-critical-pre-auth-rce-cve-2026-39987
  • SentinelOne (CVE-2026-5741): https://www.sentinelone.com/vulnerability-database/cve-2026-5741/
  • SafeDep (js-logger-pack): https://safedep.io/malicious-js-logger-pack-npm-stealer/
  • SafeDep (dom-utils-lite): https://safedep.io/malicious-dom-utils-lite-npm-ssh-backdoor/
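
One way to audit stored MCP server definitions for the PSV-020 pattern before their `command` and `args` reach StdioServerParameters. This is an added example, not code from this pull request or from the affected projects; the `mcpServers` layout, the approved-command list and the sample entries are assumptions made for illustration.

```python
import json
import os

# Assumed policy for this example: launchers an administrator has approved.
APPROVED_COMMANDS = {"npx", "uvx"}
SHELLS = {"sh", "bash", "zsh", "dash", "cmd", "cmd.exe", "powershell", "pwsh"}
# Flags that make a shell or interpreter run code given on the command line.
INLINE_CODE_FLAGS = {"-c", "-e", "--eval", "/c", "-command", "-encodedcommand"}


def audit_server(name, entry):
    """Return findings for one STDIO server definition (command + args)."""
    command, args = entry.get("command"), entry.get("args", [])
    if not isinstance(command, str) or not command:
        return [f"{name}: missing or non-string command"]
    findings = []
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        findings.append(f"{name}: args must be a list of strings")
        args = []
    base = os.path.basename(command.replace("\\", "/")).lower()
    if base in SHELLS:
        findings.append(f"{name}: command is a shell ({base})")
    elif command not in APPROVED_COMMANDS:
        # Only bare approved names pass; a path such as /tmp/npx is flagged.
        findings.append(f"{name}: command {command!r} is not on the approved list")
    flagged = sorted({a.lower() for a in args} & INLINE_CODE_FLAGS)
    if flagged:
        findings.append(f"{name}: inline-code flag(s) {flagged}")
    return findings


def audit_config(text):
    """Audit every entry under the assumed top-level "mcpServers" key."""
    servers = json.loads(text).get("mcpServers", {})
    report = {name: audit_server(name, entry) for name, entry in servers.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample configuration, not taken from any affected product.
SAMPLE = json.dumps({"mcpServers": {
    "docs": {"command": "npx", "args": ["-y", "example-docs-mcp"]},
    "helper": {"command": "/bin/sh", "args": ["-c", "echo placeholder"]},
    "tool": {"command": "python3", "args": ["-c", "print('placeholder')"]},
}})

if __name__ == "__main__":
    for server, issues in audit_config(SAMPLE).items():
        print(server, issues)
```

A check like this only narrows what a configuration may launch; keeping write access to the configuration with trusted administrators remains the control named in the advisory summary above.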

…L-068, SUP-035)

New detection rules:
- PSV-020 (critical): MCP STDIO command injection via unsanitized adapter config
  (CVE-2026-30623/30624/30616/30617/30618/33224 — LiteLLM, Agent Zero, Jaaz,
  LangChain-ChatChat, Fay, Bisheng, LangFlow, GPT Researcher)
- PSV-021 (critical): Marimo pre-auth RCE via unauthenticated /terminal/ws
  (CVE-2026-39987, GHSA-2679-6mx9-h9xc, fixed 0.23.0)
- PSV-022 (medium): docker-mcp-server OS command injection RCE
  (CVE-2026-5741, suvarchal <= 0.1.0, no patch)
- MAL-068 (critical): js-logger-pack npm multi-platform WebSocket stealer
  (postinstall C2 agent, 195.201.194.107:8010, api-sub.jrodacooker.dev)
- SUP-035 (critical): dom-utils-lite/centralogger npm SSH backdoor via Supabase C2
  (tanvisoul9@gmail.com, xienztiavkygvacpqzgr/ndfcioahsbgsjmulpjgt.supabase.co)

Supporting changes:
- 5 showcase examples (175–179) with SKILL.md trigger files
- 10 new unit tests (test_rules.py + test_showcase_examples.py)
- IOC DB: +4 domains, +1 IP
- Vuln DB: marimo, docker-mcp-server, js-logger-pack, dom-utils-lite, centralogger
- PATTERN_UPDATES.md, docs/EXAMPLES.md, examples/showcase/INDEX.md updated
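
A triage check for the MAL-068 and SUP-035 remediation steps (remove the packages, audit authorized_keys), added here as an example and not part of this repository's rules or tests. The package names and key markers come from the description above; the lockfile contents and key lines are constructed, and treating `bink@DESKTOP-N8JGD6T` as text that appears in the key entry is an assumption.

```python
import json

# Names and markers listed in this rulepack update.
MALICIOUS_PACKAGES = {"js-logger-pack", "dom-utils-lite", "centralogger"}
KEY_MARKERS = ("ssh-key-auto-sync", "bink@DESKTOP-N8JGD6T")


def flag_lockfile(text):
    """Return sorted (name, version) pairs for flagged packages in a package-lock.json."""
    lock = json.loads(text)
    hits = set()
    # lockfileVersion 2/3: flat "packages" map keyed by install path, so a
    # nested copy appears as node_modules/a/node_modules/<name>.
    for path, meta in lock.get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]
        if name in MALICIOUS_PACKAGES:
            hits.add((name, meta.get("version", "?")))
    # lockfileVersion 1: nested "dependencies" trees, walked iteratively.
    stack = [lock.get("dependencies", {})]
    while stack:
        for name, meta in stack.pop().items():
            if name in MALICIOUS_PACKAGES:
                hits.add((name, meta.get("version", "?")))
            stack.append(meta.get("dependencies", {}))
    return sorted(hits)


def flag_authorized_keys(text):
    """Return (line_number, marker) for every line carrying a listed marker."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for marker in KEY_MARKERS:
            if marker.lower() in line.lower():
                hits.append((number, marker))
    return hits


# Constructed inputs for illustration only.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/example-lib": {"version": "1.0.0"},
    "node_modules/widget/node_modules/dom-utils-lite": {"version": "0.0.0-example"},
}})
SAMPLE_KEYS = (
    "ssh-ed25519 AAAAexamplekeyA alice@laptop\n"
    "ssh-rsa AAAAexamplekeyB ssh-key-auto-sync\n"
)

if __name__ == "__main__":
    print(flag_lockfile(SAMPLE_LOCK))
    print(flag_authorized_keys(SAMPLE_KEYS))
```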
@codecov

codecov bot commented Apr 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.25%. Comparing base (a0dd07d) to head (bf3dd5a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #191   +/-   ##
=======================================
  Coverage   75.25%   75.25%           
=======================================
  Files          33       33           
  Lines        4643     4643           
=======================================
  Hits         3494     3494           
  Misses       1149     1149           


@kurtpayne kurtpayne enabled auto-merge (squash) April 15, 2026 17:46
@kurtpayne kurtpayne merged commit 63fc471 into main Apr 15, 2026
17 checks passed
@kurtpayne kurtpayne deleted the chore/pattern-update-20260415-e379 branch April 15, 2026 17:47