CVE-2026-45321— Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
In-the-Wild Activity Observed github_trending · low
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application T1588.005 · ExploitsAffected Version Matrix 84
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| @tanstack | arktype-adapter | 1.166.12 | affected |
1.166.15 | affected | ||
| @tanstack | eslint-plugin-router | 1.161.9 | affected |
1.161.12 | affected | ||
| @tanstack | eslint-plugin-start | 0.0.4 | affected |
0.0.7 | affected | ||
| @tanstack | history | 1.161.9 | affected |
1.161.12 | affected | ||
| @tanstack | nitro-v2-vite-plugin | 1.154.12 | affected |
1.154.15 | affected | ||
| @tanstack | outer-vite-plugin | 1.166.53 | affected |
1.166.56 | affected | ||
| @tanstack | react-router | 1.169.5 | affected |
1.169.8 | affected | ||
| @tanstack | react-router-devtools | 1.166.16 | affected |
1.166.19 | affected | ||
| @tanstack | react-router-ssr-query | 1.166.15 | affected |
1.166.18 | affected | ||
| @tanstack | react-start | 1.167.68 | affected |
1.167.71 | affected | ||
| @tanstack | react-start-client | 1.166.51 | affected |
1.166.54 | affected | ||
| @tanstack | react-start-rsc | 0.0.47 | affected |
0.0.50 | affected | ||
| @tanstack | react-start-server | 1.166.55 | affected |
1.166.58 | affected | ||
| @tanstack | router-cli | 1.166.46 | affected |
1.166.49 | affected | ||
| @tanstack | router-core | 1.169.5 | affected |
1.169.8 | affected | ||
| @tanstack | router-devtools | 1.166.16 | affected |
1.166.19 | affected | ||
| @tanstack | router-devtools-core | 1.167.6 | affected |
1.167.9 | affected | ||
| @tanstack | router-generator | 1.166.45 | affected |
1.166.48 | affected | ||
| @tanstack | router-plugin | 1.167.38 | affected |
1.167.41 | affected | ||
| @tanstack | router-ssr-query-core | 1.168.3 | affected |
1.168.6 | affected | ||
| @tanstack | router-utils | 1.161.11 | affected |
1.161.14 | affected | ||
| @tanstack | solid-router | 1.169.5 | affected |
1.169.8 | affected | ||
| @tanstack | solid-router-devtools | 1.166.16 | affected |
1.166.19 | affected | ||
| @tanstack | solid-router-ssr-query | 1.166.15 | affected |
1.166.18 | affected | ||
| @tanstack | solid-start | 1.167.65 | affected |
1.167.68 | affected | ||
| @tanstack | solid-start-client | 1.166.50 | affected |
1.166.53 | affected | ||
| @tanstack | solid-start-server | 1.166.54 | affected |
1.166.57 | affected | ||
| @tanstack | start-client-core | 1.168.5 | affected |
1.168.8 | affected | ||
| @tanstack | start-fn-stubs | 1.161.9 | affected |
1.161.12 | affected | ||
| @tanstack | start-plugin-core | 1.169.23 | affected |
1.169.26 | affected | ||
| @tanstack | start-server-core | 1.167.33 | affected |
1.167.36 | affected | ||
| @tanstack | start-static-server-functions | 1.166.44 | affected |
1.166.47 | affected | ||
| @tanstack | start-storage-context | 1.166.38 | affected |
1.166.41 | affected | ||
| @tanstack | valibot-adapter | 1.166.12 | affected |
1.166.15 | affected | ||
| @tanstack | virtual-file-routes | 1.161.10 | affected |
1.161.13 | affected | ||
| @tanstack | vue-router | 1.169.5 | affected |
1.169.8 | affected | ||
| @tanstack | vue-router-devtools | 1.166.16 | affected |
1.166.19 | affected | ||
| @tanstack | vue-router-ssr-query | 1.166.15 | affected |
1.166.18 | affected | ||
| @tanstack | vue-start | 1.167.61 | affected |
1.167.64 | affected | ||
| @tanstack | vue-start-client | 1.166.46 | affected |
1.166.49 | affected | ||
| @tanstack | vue-start-server | 1.166.50 | affected |
1.166.53 | affected | ||
| @tanstack | zod-adapter | 1.166.12 | affected |
1.166.15 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45321
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Source: NVD (National Vulnerability Database)
Vulnerability Description
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内嵌的恶意代码
Source: NVD (National Vulnerability Database)
Vulnerability Title
TanStack Query 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TanStack Query是TanStack开源的一个开源、功能齐全、支持TypeScript 的库。 TanStack Query存在安全漏洞,该漏洞源于攻击者利用pull_request_target配置错误、GitHub Actions缓存投毒和OIDC令牌内存提取,可能导致发布凭据窃取恶意软件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45321
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 13973 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-45321
请登录查看更多情报信息。
- https://github.com/TanStack/router/issues/7383x_refsource_MISC
- https://tanstack.com/blog/npm-supply-chain-compromise-postmortemx_refsource_MISC
- https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpxx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-45321
IV. Related Vulnerabilities
Same weakness: CWE-506
- CVE-2026-8398
DAEMON Tools Lite 供应链投毒漏洞 - CVE-2026-44484
Compromise of PyTorch Lightning PyPi Package Versions - CVE-2026-6443
Essentialplugin Plugins (Various Versions) - Injected Backdo - CVE-2026-34424
Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Acces - CVE-2026-33634
Trivy ecosystem supply chain briefly compromised
V. Comments for CVE-2026-45321
No comments yet