Vulnerability
Malicious code in pywingui (PyPI)
## Source: amazon-inspector (6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e)

pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries (the four .py files are trivial re-exports). Two undisclosed behaviors are embedded in those binaries:

1) Silent relay of OCR data: ui/ocr_utils.cp311-win32.pyd embeds a hardcoded Nanonets bearer token ('Bearer bc65bc5e-1ba4-4284-96ec-3320920b32cd') and an OCR.space API key ('K83196308188957'), and config sets DEFAULT_OCR_PROVIDER='nanonets'. The OCR helpers (read_form_smart and related) upload caller-supplied window screenshots to https://extraction-api.nanonets.com/api/v1/extract/sync and https://api.ocr.space/Parse/Image using the author's own accounts, so any image the consumer OCRs through the documented API is delivered to the author's Nanonets dashboard. The README (which emphasizes Progress OpenEdge ERP automation) does not disclose this. The hardcoded third-party API keys are also redistributed to every installer.

2) Undisclosed phone-home / kill-switch: core/runtime_guard.cp311-win32.pyd builds a machine fingerprint from socket.gethostname() + getpass.getuser() hashed with SHA-256 and POSTs {action:'check', app:'PYWINGUI', machine_id} to a hardcoded Google Apps Script endpoint (script.google.com/macros/s/AKfycbw_wxvGol9xUpiwvIJYSvV488bUzKt5-2n6Q9mw8_hSG9N22zUUce2hw0mbUgB4lDqB/exec). RuntimeGuard().validate() is invoked from Engine.__init__, which is constructed by the AppContext every consumer instantiates, so the beacon fires on normal first use. The result is cached Fernet-encrypted under ~/.pywingui/. The README mentions no licensing or telemetry, and the server can deny access (kill-switch).

The compiled-only distribution hides both behaviors from source audit.
This satisfies the silent-relay class (caller-supplied OCR data flowing to author-controlled SaaS via author credentials) and adds an undisclosed identifier-beacon with remote-disable capability.
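The following is an added defender-side example, not code from the advisory or from the pywingui package. It turns the indicators above into two triage checks: one scans egress/proxy log lines for the OCR relay endpoints and the Apps Script beacon (matching script.google.com only on the specific deployment path from the report, since that host is widely used legitimately), and one inspects an installed package tree for the compiled-only layout described (.pyd extensions beside .py files that are nothing but re-exports). The log line format and the package listing are constructed sample inputs, not real captures.

```python
"""Triage helpers for the pywingui 6.0.1 indicators (added example)."""
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Network indicators taken from the advisory text.
OCR_RELAY_HOSTS = {
    "extraction-api.nanonets.com": "OCR relay via author's Nanonets account",
    "api.ocr.space": "OCR relay via author's OCR.space account",
}
# Match the beacon on host + exact Apps Script deployment path, not the host alone.
BEACON_HOST = "script.google.com"
BEACON_PATH = ("/macros/s/AKfycbw_wxvGol9xUpiwvIJYSvV488bUzKt5-2n6Q9mw8_hSG9N22zUUce2hw0mbUgB4lDqB/exec")

# Assumed proxy log shape (constructed): "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>https?://\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url):
    """Return a finding label if the URL matches an advisory indicator, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in OCR_RELAY_HOSTS:
        return OCR_RELAY_HOSTS[host]
    if host == BEACON_HOST and parts.path == BEACON_PATH:
        return "runtime_guard beacon / kill-switch check"
    return None


def match_egress(lines):
    """Scan log lines; return (client, method, url, label) for each indicator hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        label = classify_url(m["url"])
        if label:
            hits.append((m["client"], m["method"], m["url"], label))
    return hits


# A .py line that is blank, a comment, or an import carries no logic of its own.
TRIVIAL_LINE_RE = re.compile(r"^\s*(?:from\s+\S+\s+import\s+.+|import\s+\S.*|#.*)?\s*$")


def audit_package_tree(files):
    """files maps relative path -> source text (None for binaries).

    Returns (compiled_modules, trivial_py, substantive_py). When every .py file is a
    re-export and all logic sits in compiled extensions, the package cannot be
    audited from source, which is the distribution pattern the advisory describes.
    """
    compiled, trivial, substantive = [], [], []
    for path, text in sorted(files.items()):
        suffix = PurePosixPath(path).suffix
        if suffix in (".pyd", ".so"):
            compiled.append(path)
        elif suffix == ".py":
            if all(TRIVIAL_LINE_RE.match(line) for line in (text or "").splitlines()):
                trivial.append(path)
            else:
                substantive.append(path)
    return compiled, trivial, substantive


def is_compiled_only(files):
    """True if the tree has compiled modules and no .py file with real logic."""
    compiled, _trivial, substantive = audit_package_tree(files)
    return bool(compiled) and not substantive


# Constructed sample inputs (not real captures).
SAMPLE_LOG = [
    "T0 10.0.0.5 POST https://script.google.com" + BEACON_PATH + " 200",
    "T1 10.0.0.5 POST https://extraction-api.nanonets.com/api/v1/extract/sync 200",
    "T2 10.0.0.5 POST https://api.ocr.space/Parse/Image 200",
    "T3 10.0.0.5 GET https://script.google.com/home 200",
    "T4 10.0.0.5 GET https://pypi.org/simple/pywingui/ 200",
]
SAMPLE_TREE = {
    "pywingui/__init__.py": "from .core import *\nfrom .ui import *\n",
    "pywingui/core/__init__.py": "from .runtime_guard import *\n",
    "pywingui/core/runtime_guard.cp311-win32.pyd": None,
    "pywingui/ui/__init__.py": "# re-export\nfrom .ocr_utils import *\n",
    "pywingui/ui/ocr_utils.cp311-win32.pyd": None,
}

if __name__ == "__main__":
    for hit in match_egress(SAMPLE_LOG):
        print("EGRESS", *hit)
    print("compiled-only package:", is_compiled_only(SAMPLE_TREE))
```

On the constructed inputs the egress check reports three hits (the beacon and both OCR relays) and ignores the unrelated script.google.com and pypi.org requests; the tree check flags the package as compiled-only. Run against a real proxy export, the log regex would need adjusting to the local format.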
No CVSS base score from NVD or GHSA yet. NVD typically scores within 24–72 hours of publication; GHSA usually within a day for OSS-flagged CVEs.
For interim severity, fall back on KEV / EXPLOIT signals and the EPSS percentile (lower panel). Re-check this CVE after one cron tick — the score lands automatically when the source publishes.
FIRST.org publishes EPSS daily. Coverage isn't universal — pre-disclosure CVEs and reserved IDs don't carry an EPSS score until at least one exploitation signal lands. Score will appear within 24 hours of the next EPSS pull.
No exploitation, limited impact or prevalence