Main Vulnerability Database SB2026042469

SB2026042469 - Embedded malicious code (backdoor) in color-string

Published: April 24, 2026

Security Bulletin ID SB2026042469

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Embedded malicious code (backdoor) (CVE-ID: CVE-2025-59142)

The vulnerability allows a remote attacker to manipulate cryptocurrency transactions in browser environments.

The vulnerability exists due to embedded malicious code in the color-string package when the package is executed in a browser context. A remote attacker can publish and distribute a compromised package version to manipulate cryptocurrency transactions in browser environments.

Local environments, server environments, and command line applications are not affected. The malware appears to target cryptocurrency wallets and transactions such as MetaMask.

Remediation

Install update from vendor's website.

SB2026042469 - Embedded malicious code (backdoor) in color-string

Breakdown by Severity

Description

Remediation

References

Please verify you're human