Vulnerability Description
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
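The first link in the chain described above is a workflow that runs on `pull_request_target` (base-repository secrets and OIDC identity) while checking out the fork's pull-request head, optionally saving a cache from that run. The following added example, which is not code from the TanStack advisory or repository, is a heuristic scanner for that shape; the two workflow snippets it scans are constructed samples, not TanStack's real workflow.

```python
"""Heuristic detector for the pull_request_target "Pwn Request" shape.

Added example, not from the advisory or the TanStack repository.  Plain
text matching is used on purpose: it is a triage heuristic, not a YAML
parser, and can false-positive on comments.
"""
import re
from typing import List

# Trigger that runs fork-originated PRs with base-repository privileges.
PWN_TRIGGER = re.compile(r"\bpull_request_target\b")
# Checking out the PR head (sha, ref or fork repo) under that trigger runs
# fork-controlled code with the base repo's secrets and OIDC identity.
FORK_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref|repo)")
# A cache saved by that job shares the base branch's key space and can be
# restored by trusted jobs: the fork<->base cache-poisoning boundary.
CACHE_ACTION = re.compile(r"uses:\s*actions/cache(/(save|restore))?@")


def scan_workflow(yaml_text: str) -> List[str]:
    """Return findings for one workflow file; an empty list means clean."""
    findings = []
    if not PWN_TRIGGER.search(yaml_text):
        return findings  # plain pull_request gives fork PRs no secrets
    if FORK_HEAD.search(yaml_text):
        findings.append("pull_request_target checks out the fork's PR head (Pwn Request)")
        if CACHE_ACTION.search(yaml_text):
            findings.append("same workflow writes actions/cache from fork-controlled code (cache poisoning)")
    return findings


# Constructed vulnerable sample (not TanStack's workflow).
VULNERABLE = """\
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: node_modules
          key: deps-${{ hashFiles('pnpm-lock.yaml') }}
      - run: pnpm install && pnpm test
"""
# Constructed hardened sample: same steps under the unprivileged trigger.
HARDENED = VULNERABLE.replace("pull_request_target:", "pull_request:")

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, scan_workflow(wf) or ["no findings"])
```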
CVSS Score
9.6 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tanstack | Tanstack/Arktype-Adapter | 1.166.12 |
| Tanstack | Tanstack/Eslint-Plugin-Router | 1.161.9 |
| Tanstack | Tanstack/Eslint-Plugin-Start | 0.0.4 |
| Tanstack | Tanstack/History | 1.161.9 |
| Tanstack | Tanstack/Nitro-V2-Vite-Plugin | 1.154.12 |
| Tanstack | Tanstack/React-Router | 1.169.5 |
| Tanstack | Tanstack/React-Router-Devtools | 1.166.16 |
| Tanstack | Tanstack/React-Router-Ssr-Query | 1.166.15 |
| Tanstack | Tanstack/React-Start | 1.167.68 |
| Tanstack | Tanstack/React-Start-Client | 1.166.51 |
| Tanstack | Tanstack/React-Start-Rsc | 0.0.47 |
| Tanstack | Tanstack/React-Start-Server | 1.166.55 |
| Tanstack | Tanstack/Router-Cli | 1.166.46 |
| Tanstack | Tanstack/Router-Core | 1.169.5 |
| Tanstack | Tanstack/Router-Devtools | 1.166.16 |
| Tanstack | Tanstack/Router-Devtools-Core | 1.167.6 |
| Tanstack | Tanstack/Router-Generator | 1.166.45 |
| Tanstack | Tanstack/Router-Plugin | 1.167.38 |
| Tanstack | Tanstack/Router-Ssr-Query-Core | 1.168.3 |
| Tanstack | Tanstack/Router-Utils | 1.161.11 |
References
- https://github.com/TanStack/router/issues/7383 (Issue Tracking)
- https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx (Mitigation, Vendor Advisory)
- https://tanstack.com/blog/npm-supply-chain-compromise-postmortem (Exploit, Vendor Advisory)
- https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply (Exploit, Third Party Advisory)
FAQ
What is CVE-2026-45321?
CVE-2026-45321 is a vulnerability with a CVSS score of 9.6 (CRITICAL). On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate G...
How severe is CVE-2026-45321?
CVE-2026-45321 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-45321?
Check the references section above for vendor advisories and patch information. Affected products include: Tanstack Tanstack/Arktype-Adapter, Tanstack Tanstack/Eslint-Plugin-Router, Tanstack Tanstack/Eslint-Plugin-Start, Tanstack Tanstack/History, Tanstack Tanstack/Nitro-V2-Vite-Plugin.