VDB

GCVE-110-OSM-2026-5762

GCVE-110-OSM-2026-5762
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published June 11, 2026
This package is an account-fraud automation tool that mass-registers fake Canva and Leonardo AI accounts using Playwright, collecting generated credentials (email, accessToken, cognitoSession) and sending them to the operator-controlled backend at api-leo.sekitar.online. While this is the tool's stated purpose and users are complicit participants, the exfiltration of generated access tokens and Cognito sessions to a third-party C2-like backend (api-leo.sekitar.online, backed by Supabase at xjknkbvjgrfdfdacippf.supabase.co) combined with the auto-update `execSync("npm install -g leobot-cli@latest")` pattern creates a persistent, remotely-updatable payload delivery channel that could pivot to targeting the users themselves. The accidental inclusion of `.claude/settings.local.json` with the Supabase backend URL confirms the developer's infrastructure. The primary harm is to Canva and Leonardo's platforms, but users' own auth tokens (opts.token) are transmitted to attacker-controlled infrastructure on every API call, and the auto-update mechanism bypasses any future audits. This is not a conventional infostealer, but it is clearly harmful tooling with exfiltration-to-attacker-backend behavior. Entrypoint: bin/cli.js (bin: ./bin/cli.js) Exfil: https://www.canva.com/ (custom-c2, recovery: plaintext in src/commands/generate.js) Loader: https://xjknkbvjgrfdfdacippf.supabase.co/rest/v1/rpc/ in .claude/settings.local.json Payload: src/commands/generate.js Secondary files: src/doctor.js, src/commands/generate.js.bak Key findings: - Shell Command Execution in bin/cli.js: "execSync(" - Hidden NPM Install in bin/cli.js: "execSync("npm install -g leobot-cli@latest"" - Data Encoding for Exfiltration in src/commands/generate.js: "encodeURIComponent(email" - Platform Detection with Data Collection in src/commands/generate.js: "JSON.stringify({ email, accessToken: pageAccessT..." - Data Encoding for Exfiltration in src/commands/generate.js.bak: "encodeURIComponent(email)}`, { headers: { authorization: `Bearer ${opts.token" IOCs: - urls: https://api-leo.sekitar.online/, https://xjknkbvjgrfdfdacippf.supabase.co/rest/v1/rpc/, https://api-kamu.com, https://api.com, https://www.canva.com/ (+2 more) - domains: api-leo.sekitar.online, xjknkbvjgrfdfdacippf.supabase.co, Canva.com, tinggalcolok.online, mhridwan.tech (+3 more) - payloadFileHash: 75d8da42d55f20621d8d2d4b73c50ceb50e33690e7a35668fb0a9142ad0f5244 Hidden install (secondary package pulled at runtime): - -g [OSM: clean] in bin/cli.js - -g [OSM: clean] in src/commands/update.js

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
unknownleobot-cli1.1.6 (affected)

References

vendor

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›