{
  "canonical_id": "magento-open-source--d462b2a6cb",
  "system_id": "magento-open-source",
  "title": "ConnectPOS leaked Github secrets for years   2026-01-12  Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code.   skimming   supply-chain   magento   connectpos   +2",
  "reasons": [
    "missing affected/fixed version details"
  ],
  "candidate_count": 1,
  "references": [
    "https://sansec.io/research/connectpos-github-token-exposure"
  ]
}