Malicious Compromise of OpenSearch Pre-Release npm Packages

56% confidence

Description

The OpenSearch Project's npm publishing infrastructure was compromised, leading to the publication of inauthentic OpenSearch prerelease artifacts containing malicious packages. The affected versions were identified and removed from the npm repository.

Affected Products

Vendor	Product	Versions
opensearch project	—	3.5.3, 3.6.2, 3.7.0, 3.8.0

Related News (1 articles)

Tier C

oss-security2h ago

Fwd: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise of OpenSearch Pre-Release npm Packages

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedMay 12, 2026

Last enriched2h ago

Trending Score30

Source articles1

Independent1

Info Completeness4/14

Missing: cve_id, product, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Malicious Compromise of OpenSearch Pre-Release npm Packages

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline