The PyPI repository now hosts a package named 'proxmox-mcp-plus' that may contain malicious code, posing a supply chain risk. All users who have installed this package or use Proxmox environments could be affected by potential unauthorized access or data exfiltration. Immediate removal and verification of installed packages are strongly advised.
proxmox-mcp-plus added to PyPI
The PyPI repository now hosts a package named 'proxmox-mcp-plus' that may contain malicious code, posing a supply chain risk. All users who have installed this package or use Proxmox environments could be affected by potential unauthorized access or data exfiltration. Immediate removal and verification of installed packages are strongly advised.