CVE-2026-45321

Description

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 15.09%• Percentile: 95%

Techniques & Countermeasures

• CWE-506•Embedded Malicious Code

  The product contains code that appears to be malicious in nature.

Affected Systems

• @tanstack•arktype-adapter

  ≥ 1.166.12, < 1.166.16 | ≥ 1.166.15, < 1.166.16

• @tanstack•eslint-plugin-router

  ≥ 1.161.9, < 1.161.13 | ≥ 1.161.12, < 1.161.13

• @tanstack•eslint-plugin-start

  ≥ 0.0.4, < 0.0.8 | ≥ 0.0.7, < 0.0.8

• @tanstack•history

  ≥ 1.161.9, < 1.161.13 | ≥ 1.161.12, < 1.161.13

• @tanstack•nitro-v2-vite-plugin

  ≥ 1.154.12, < 1.154.16 | ≥ 1.154.15, < 1.154.16

• @tanstack•react-router

  ≥ 1.169.5, < 1.169.9 | ≥ 1.169.8, < 1.169.9

• @tanstack•react-router-devtools

  ≥ 1.166.16, < 1.166.20 | ≥ 1.166.19, < 1.166.20

• @tanstack•react-router-ssr-query

  ≥ 1.166.15, < 1.166.19 | ≥ 1.166.18, < 1.166.19

• @tanstack•react-start

  ≥ 1.167.68, < 1.167.72 | ≥ 1.167.71, < 1.167.72

• @tanstack•react-start-client

  ≥ 1.166.51, < 1.166.55 | ≥ 1.166.54, < 1.166.55

• @tanstack•react-start-rsc

  ≥ 0.0.47, < 0.0.51 | ≥ 0.0.50, < 0.0.51

• @tanstack•react-start-server

  ≥ 1.166.55, < 1.166.59 | ≥ 1.166.58, < 1.166.59

• @tanstack•router-cli

  ≥ 1.166.46, < 1.166.50 | ≥ 1.166.49, < 1.166.50

• @tanstack•router-core

  ≥ 1.169.5, < 1.169.9 | ≥ 1.169.8, < 1.169.9

• @tanstack•router-devtools

  ≥ 1.166.16, < 1.166.20 | ≥ 1.166.19, < 1.166.20

• @tanstack•router-devtools-core

  ≥ 1.167.6, < 1.167.10 | ≥ 1.167.9, < 1.167.10

• @tanstack•router-generator

  ≥ 1.166.45, < 1.166.49 | ≥ 1.166.48, < 1.166.49

• @tanstack•router-plugin

  ≥ 1.167.38, < 1.167.42 | ≥ 1.167.41, < 1.167.42

• @tanstack•router-ssr-query-core

  ≥ 1.168.3, < 1.168.7 | ≥ 1.168.6, < 1.168.7

• @tanstack•router-utils

  ≥ 1.161.11, < 1.161.15 | ≥ 1.161.14, < 1.161.15

• @tanstack•router-vite-plugin

  ≥ 1.166.53, < 1.166.57 | ≥ 1.166.56, < 1.166.57

• @tanstack•solid-router

  ≥ 1.169.5, < 1.169.9 | ≥ 1.169.8, < 1.169.9

• @tanstack•solid-router-devtools

  ≥ 1.166.16, < 1.166.20 | ≥ 1.166.19, < 1.166.20

• @tanstack•solid-router-ssr-query

  ≥ 1.166.15, < 1.166.19 | ≥ 1.166.18, < 1.166.19

• @tanstack•solid-start

  ≥ 1.167.65, < 1.167.69 | ≥ 1.167.68, < 1.167.69

• @tanstack•solid-start-client

  ≥ 1.166.50, < 1.166.54 | ≥ 1.166.53, < 1.166.54

• @tanstack•solid-start-server

  ≥ 1.166.54, < 1.166.58 | ≥ 1.166.57, < 1.166.58

• @tanstack•start-client-core

  ≥ 1.168.5, < 1.168.9 | ≥ 1.168.8, < 1.168.9

• @tanstack•start-fn-stubs

  ≥ 1.161.9, < 1.161.13 | ≥ 1.161.12, < 1.161.13

• @tanstack•start-plugin-core

  ≥ 1.169.23, < 1.169.27 | ≥ 1.169.26, < 1.169.27

• @tanstack•start-server-core

  ≥ 1.167.33, < 1.167.37 | ≥ 1.167.36, < 1.167.37

• @tanstack•start-static-server-functions

  ≥ 1.166.44, < 1.166.48 | ≥ 1.166.47, < 1.166.48

• @tanstack•start-storage-context

  ≥ 1.166.38, < 1.166.42 | ≥ 1.166.41, < 1.166.42

• @tanstack•valibot-adapter

  ≥ 1.166.12, < 1.166.16 | ≥ 1.166.15, < 1.166.16

• @tanstack•virtual-file-routes

  ≥ 1.161.10, < 1.161.14 | ≥ 1.161.13, < 1.161.14

• @tanstack•vue-router

  ≥ 1.169.5, < 1.169.9 | ≥ 1.169.8, < 1.169.9

• @tanstack•vue-router-devtools

  ≥ 1.166.16, < 1.166.20 | ≥ 1.166.19, < 1.166.20

• @tanstack•vue-router-ssr-query

  ≥ 1.166.15, < 1.166.19 | ≥ 1.166.18, < 1.166.19

• @tanstack•vue-start

  ≥ 1.167.61, < 1.167.65 | ≥ 1.167.64, < 1.167.65

• @tanstack•vue-start-client

  ≥ 1.166.46, < 1.166.50 | ≥ 1.166.49, < 1.166.50

• @tanstack•vue-start-server

  ≥ 1.166.50, < 1.166.54 | ≥ 1.166.53, < 1.166.54

• @tanstack•zod-adapter

  ≥ 1.166.12, < 1.166.16 | ≥ 1.166.15, < 1.166.16

• @tanstack•arktype-adapter

  1.166.12 | 1.166.15

• @tanstack•eslint-plugin-router

  1.161.9 | 1.161.12

• @tanstack•eslint-plugin-start

  0.0.4 | 0.0.7

• @tanstack•history

  1.161.9 | 1.161.12

• @tanstack•nitro-v2-vite-plugin

  1.154.12 | 1.154.15

• @tanstack•outer-vite-plugin

  1.166.53 | 1.166.56

• @tanstack•react-router

  1.169.5 | 1.169.8

• @tanstack•react-router-devtools

  1.166.16 | 1.166.19

Showing first 50 affected entries in server-rendered view.

References (8)

• https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx
• https://github.com/TanStack/router/issues/7383
• https://github.com/TanStack/router
• https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
• https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
• https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
• https://nvd.nist.gov/vuln/detail/CVE-2026-45321
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321