critical
CVE: CVE-2026-12866, CVE-2026-53571
CWE: CWE-506, CWE-494, CWE-829, CWE-94, CWE-22, CWE-200
Affected Surface:
- Developer workstations, CI runners, and Backstage build environments that installed the compromised `@immobiliarelabs` or Leo Platform npm package versions published during 24-26 June 2026
- Node.js applications, internal tools, and automation paths that call `expr-eval`'s `toJSFunction()` on attacker-controlled formulas or variables
- Windows-hosted Vite dev servers exposed beyond localhost while serving directories that contain `.env`, certificate, or other sensitive files
Welcome to Corgea’s weekly briefing. The briefing covers the most important security findings and research from the week.
This edition covers research published from Wednesday, 24 June through Tuesday, 30 June 2026, excluding items already covered in the 23 June briefing.
Top Article
ImmobiliareLabs Backstage plugins compromised with Phantom Gyp Miasma payload
This week’s most important story is the @immobiliarelabs compromise, because it hit packages that commonly live inside internal developer portals and CI-backed monorepos where GitLab tokens, LDAP configuration, cloud credentials, and platform secrets already coexist. StepSecurity deserves first public-disclosure credit for documenting the compromised npm releases, Socket deserves credit for clustering the incident into the broader Miasma / Mini Shai-Hulud activity, and the ImmobiliareLabs maintainers deserve credit for publishing clean replacement versions quickly and handling the public response in the open. In practical terms, this belongs in the same trust-boundary bucket as Leo Platform’s compromised npm packages, the earlier Mastra scope takeover, and the dbmux Phantom Gyp incident: a normal-looking JavaScript package can hide the real execution edge in binding.gyp, turning npm install into code execution on the workstation or runner that already holds privileged automation state.
The key thing to remember is not just that 22 versions were poisoned. It is that the targeted packages sit at the junction of developer identity, source-control integration, and internal platform access. That makes a Backstage plugin compromise feel closer in operational impact to GlassWASM’s Open VSX extension attack than to a routine npm malware story, because the install host is often already adjacent to the secrets and developer-tool configuration files attackers need for persistence and follow-on publishing.
More news
Leo Platform npm packages compromised with Phantom Gyp Miasma toolkit
The second story that deserves close attention is the Leo Platform wave, because it shows the same operator playbook is still expanding rather than burning out. StepSecurity deserves credit for the first disclosure, Endor Labs deserves credit for extending the poisoned set from 20 to 23 package versions and showing that leo-sdk’s latest dist-tag was repointed to the malicious line, and Socket deserves credit for tying the same payload family to adjacent GitHub Actions and source-archive abuse. That continuity matters because it links this week’s ImmobiliareLabs Backstage compromise directly to earlier June incidents including Mastra and Miasma’s 55-package npm wave.
What stands out operationally is the shift from “credential theft” toward a toolkit that explicitly harvests AI-coding-assistant state and searches for propagation paths across registries, repositories, and workflow files. Teams should read Leo as evidence that binding.gyp-based install-time execution is now a reusable campaign primitive, not a one-off trick.
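The install-time edge described in both compromise stories can be audited in an installed tree. The sketch below is an added example, not code from StepSecurity, Socket, Endor Labs or the affected projects. It relies on documented npm behaviour: a package that ships binding.gyp and declares no install or preinstall script is built with `node-gyp rebuild` during install. The function names, finding labels and sample packages are hypothetical, and the page does not describe the payload's internals, so the checks are generic review heuristics.

```javascript
// Added example: flag installed packages whose build runs through binding.gyp.
// npm runs `node-gyp rebuild` at install time when a package ships binding.gyp
// and declares no install/preinstall script, so package.json can look script-free.
const GYP_COMMAND_EXPANSION = /<!@?\(/; // gyp syntax that runs a command while configuring
const NATIVE_SOURCE = /\.(c|cc|cpp|cxx|mm)["']/i; // a C/C++/ObjC source listed in the file

// files: text of each file in one package, keyed by file name (hypothetical input shape).
function auditPackage(files) {
  const pkg = JSON.parse(files['package.json']);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of ['preinstall', 'install', 'postinstall']) {
    if (scripts[hook]) findings.push(`explicit-${hook}-script`);
  }
  const gyp = files['binding.gyp'];
  if (gyp !== undefined) {
    if (!scripts.install && !scripts.preinstall) findings.push('implicit-node-gyp-rebuild');
    if (GYP_COMMAND_EXPANSION.test(gyp)) findings.push('gyp-command-expansion');
    if (!NATIVE_SOURCE.test(gyp)) findings.push('gyp-without-native-sources');
  }
  return findings;
}

// Constructed sample tree: one plain package, and one whose package.json declares
// no install hooks but which ships a binding.gyp listing no native sources.
const SAMPLE_TREE = {
  'plain-lib': { 'package.json': '{"name":"plain-lib","version":"1.0.0"}' },
  'example-plugin': {
    'package.json': '{"name":"example-plugin","version":"2.0.0","scripts":{"test":"jest"}}',
    'binding.gyp': '{"targets":[{"target_name":"setup","type":"none",' +
      '"variables":{"probe":"<!(node ./tools/probe.js)"}}]}',
  },
};

// Returns { packageName: [findings] } for every package with at least one finding.
function auditTree(tree) {
  const report = {};
  for (const [name, files] of Object.entries(tree)) {
    const findings = auditPackage(files);
    if (findings.length) report[name] = findings;
  }
  return report;
}

console.log(auditTree(SAMPLE_TREE));
```

Legitimate native addons also use gyp command expansion, typically to locate include directories, so treat that finding as a review queue rather than a verdict. A binding.gyp with no native sources in a pure-JavaScript package is the stronger signal.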
CVE-2026-12866: expr-eval turns untrusted formulas into Node.js code execution
The most important pure vulnerability disclosure in this window is CVE-2026-12866, because there is no clean upgrade path yet: every public expr-eval release remains exposed if an application lets untrusted formulas or variables reach toJSFunction(). Dinh Twan Doan deserves credit for the upstream report, and the maintainers deserve credit for keeping the issue public even though the current reality is awkward: this is a design-level trust-boundary failure, not a tidy patch-and-move-on bug. The lesson maps closely to CVE-2026-41242 in protobufjs and the false-safety boundary we called out in Nodemailer’s raw-message bypass.
For AppSec teams, the key takeaway is that “formula engine” is not a safe mental model once the library emits source code and hands it to new Function(). If a product stores user-authored expressions, low-code rules, or reusable scoring formulas, this belongs on the same review list as any other code-execution surface.
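One way to keep a formula feature off the code-execution review list is to interpret expressions directly, so no JavaScript source is ever generated. The evaluator below is an added example, not expr-eval code or a patch for it. `evaluateFormula` is a hypothetical name, and it supports only numbers, named variables, `+ - * /` and parentheses.

```javascript
// Added example, not expr-eval code: interpret the formula token by token instead
// of generating JavaScript source for new Function(). Supports + - * / ( ) only.
function evaluateFormula(src, vars) {
  // Any character outside the grammar becomes its own token and is rejected later.
  const toks = src.match(/\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*\/()]|\S/g) || [];
  let i = 0;
  const nextIs = (...ops) => ops.includes(toks[i]);

  function primary() {
    const tok = toks[i++];
    if (tok === undefined) throw new SyntaxError('unexpected end of formula');
    if (/^\d/.test(tok)) return Number(tok);
    if (/^[A-Za-z_]/.test(tok)) {
      // Variables must be own, numeric properties: no prototype lookups such as
      // "constructor", and no string values that could carry code.
      const own = Object.prototype.hasOwnProperty.call(vars, tok);
      if (!own || typeof vars[tok] !== 'number') throw new ReferenceError(`unknown variable ${tok}`);
      return vars[tok];
    }
    if (tok === '-') return -primary();
    if (tok !== '(') throw new SyntaxError(`unsupported token ${tok}`);
    const inner = sum();
    if (!nextIs(')')) throw new SyntaxError('missing )');
    i++;
    return inner;
  }
  function product() {
    let v = primary();
    while (nextIs('*', '/')) v = toks[i++] === '*' ? v * primary() : v / primary();
    return v;
  }
  function sum() {
    let v = product();
    while (nextIs('+', '-')) v = toks[i++] === '+' ? v + product() : v - product();
    return v;
  }

  const result = sum();
  if (i < toks.length) throw new SyntaxError(`unsupported token ${toks[i]}`);
  return result;
}

// Constructed inputs: a scoring formula, then a member-access attempt that is rejected.
console.log(evaluateFormula('base * (1 + rate) - 2', { base: 100, rate: 0.5 }));
try { evaluateFormula('process.exit()', { process: 1 }); } catch (e) { console.log(e.name); }
```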
Other news:
- CVE-2026-53571: Vite `server.fs.deny` bypass leaks protected files on Windows - TazmiDev and 332QAQ deserve reporter credit for showing that Vite’s Windows path handling let requests such as `/.env::$DATA?raw` bypass `server.fs.deny`, while ArnaudBarre deserves remediation-review credit on the fix. The operational lesson matches CVE-2026-10796 in nvm and CVE-2026-44488 in Axios’ fetch adapter: developer tooling often becomes a real security boundary long before teams intend it to.
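The deny-list gap behind the Vite item can be shown with a name-based check beside a hardened one. This is an added example and is neither Vite's code nor its fix; the deny patterns and function names are hypothetical. It goes beyond the one request on the page by also applying two other Windows filename rules, case-insensitivity and ignored trailing dots or spaces.

```javascript
// Added example, not Vite's code: why a name-based deny list misses NTFS stream
// syntax, and a stricter check that normalises the way Windows resolves names.
const DENY = ['.env', '.env.*', '*.pem', '*.crt']; // constructed patterns
const DENY_RE = DENY.map((glob) =>
  new RegExp('^' + glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*') + '$'));

// Weak form: match the last path segment exactly as the client sent it.
function naiveIsDenied(requestUrl) {
  const name = new URL(requestUrl, 'http://localhost').pathname.split('/').pop();
  return DENY_RE.some((re) => re.test(name));
}

// Hardened form: refuse stream syntax outright, then compare the name Windows
// would actually open (case-folded, trailing dots and spaces dropped).
function hardenedIsDenied(requestUrl) {
  let segments;
  try {
    const pathname = new URL(requestUrl, 'http://localhost').pathname;
    segments = decodeURIComponent(pathname).split('/');
  } catch {
    return true; // undecodable paths are refused rather than guessed at
  }
  // "name:stream:$TYPE" addresses a data stream of "name"; "name::$DATA" is the
  // file's default stream, i.e. its normal contents.
  if (segments.some((seg) => seg.includes(':'))) return true;
  const name = segments.pop().replace(/[. ]+$/, '').toLowerCase();
  return DENY_RE.some((re) => re.test(name));
}

// Request paths: the first is the form quoted on the page, the rest are constructed.
for (const url of ['/.env::$DATA?raw', '/.env', '/.ENV', '/certs/server.pem.', '/src/main.js']) {
  console.log(url, { naive: naiveIsDenied(url), hardened: hardenedIsDenied(url) });
}
```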