@uipath/ap-chat (=1.5.6) potentially affected by unknown CVE via @uipath/apollo-react (=4.24.2)

@uipath/apollo-react NPM version =4.24.2 is affected by a known vulnerability. The following packages have a transitive dependency on @uipath/apollo-react and may be impacted: - @uipath/ap-chat =1.5.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3532...

Malicious code in @uipath/apollo-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)

@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...