CVE-2026-45321

Aliases:GHSA-g7cv-rxg3-hmpx
Analyzed
Published: 12 May 2026, 00:12
Last modified:28 May 2026, 03:55

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.6 CRITICAL
v3.1 (cve.org)
EPSS Score
2.34% LOW
2% probability 0.00%
KEV
Listed
CISA
1 listing
Ransomware
Known Use
Public exploits
2 found
Dark Web
Not detected

Timeline

12 May 2026, 00:12
Published
Vulnerability first disclosed
27 May 2026, 00:00
Added to CISA KEV
TanStack Unspecified Vulnerability
28 May 2026, 03:55
Last Modified
Vulnerability information updated
10 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

CVSS Metrics

  • v3.1CRITICALScore: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 2.34% Percentile: 82%

Techniques & Countermeasures

  • CWE-506Embedded Malicious Code

    The product contains code that appears to be malicious in nature.

Affected Systems

  • abhishake1supersurkhet\/cli

    0.0.2 | 0.0.3 | 0.0.4 | 0.0.5 | 0.0.6 | 0.0.7

  • abhishake1supersurkhet\/sdk

    0.0.2 | 0.0.3 | 0.0.4 | 0.0.5 | 0.0.6 | 0.0.7

  • abhishake1taskflow-corp\/cli

    0.1.24 | 0.1.25 | 0.1.26 | 0.1.27 | 0.1.28 | 0.1.29

  • agentworkhqagentwork-cli

    0.1.4 | 0.1.5

  • antoinebcxml-toolkit-ts

    1.0.4 | 1.0.5

  • antoinebcxml-toolkit-ts\/preprocessing

    1.0.2 | 1.0.3

  • antoinebcxml-toolkit-ts\/xgboost

    1.0.3 | 1.0.4

  • beproductbeproduct\/nestjs-auth

    0.1.2 | 0.1.3 | 0.1.4 | 0.1.5 | 0.1.6 | 0.1.7 | 0.1.8 | 0.1.9 | 0.1.10 | 0.1.11 | 0.1.12 | 0.1.13 | 0.1.14 | 0.1.15 | 0.1.16 | 0.1.17 | 0.1.19

  • christianalaresgit_branch_selector

    1.3.3 | 1.3.4 | 1.3.5 | 1.3.7

  • christianalaresgit-git-git

    1.0.8 | 1.0.9 | 1.0.10 | 1.0.12

  • christianalaresnextmove-mcp

    0.1.3 | 0.1.4 | 0.1.5 | 0.1.7

  • christianalarestolka\/cli

    1.0.2 | 1.0.3 | 1.0.4 | 1.0.6

  • dirigibledirigible-ai\/sdk

    0.6.2 | 0.6.3

  • guardrailsaiguardrails_ai

    0.10.1

  • kilbottallyui\/components

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/connector-medusa

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/connector-shopify

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/connector-vendure

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/connector-woocommerce

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/core

    0.2.1 | 0.2.2 | 0.2.3

  • kilbottallyui\/database

    1.0.1 | 1.0.2 | 1.0.3

  • kilbottallyui\/pos

    0.1.1 | 0.1.2 | 0.1.3

  • kilbottallyui\/storage-sqlite

    0.2.1 | 0.2.2 | 0.2.3

  • kilbottallyui\/theme

    0.2.1 | 0.2.2 | 0.2.3

  • linuxfoundationopensearch

    3.6.2

  • matheuspergolidraftauth\/client

    0.2.1 | 0.2.2

  • matheuspergolidraftauth\/core

    0.13.1 | 0.13.2

  • matheuspergolidraftlab\/auth

    0.24.1 | 0.24.2

  • matheuspergolidraftlab\/auth-router

    0.5.1 | 0.5.2

  • matheuspergolidraftlab\/db

    0.16.1 | 0.16.2

  • matheuspergolisimple_type-safe_actions

    0.8.3 | 0.8.4

  • mesamesadev\/rest

    0.28.3

  • mesamesadev\/saguaro

    0.4.22

  • mesamesadev\/sdk

    0.28.3

  • mistralmistralai

    2.4.6

  • mistralmistralai\/mistralai

    2.2.3 | 2.2.4

  • mistralmistralai\/mistralai-azure

    1.7.2 | 1.7.3

  • mistralmistralai\/mistralai-gcp

    1.7.2 | 1.7.3

  • multiagentcognitioncmux-agent-mcp

    0.1.3 | 0.1.4 | 0.1.5 | 0.1.6 | 0.1.7 | 0.1.8

  • neilcochrancross-stitch

    1.1.3 | 1.1.4 | 1.1.6

  • neilcochransquawk\/airports

    0.6.2 | 0.6.3 | 0.6.5

  • neilcochransquawk\/airspace

    0.8.1 | 0.8.2 | 0.8.4

  • neilcochransquawk\/airspace-data

    0.5.3 | 0.5.4 | 0.5.6

  • neilcochransquawk\/airway-data

    0.5.4 | 0.5.5 | 0.5.7

  • neilcochransquawk\/airways

    0.4.2 | 0.4.3 | 0.4.5

  • neilcochransquawk\/fix-data

    0.6.4 | 0.6.5 | 0.6.7

  • neilcochransquawk\/fixes

    0.3.2 | 0.3.3 | 0.3.5

  • neilcochransquawk\/flight-math

    0.5.4 | 0.5.5 | 0.5.7

  • neilcochransquawk\/flightplan

    0.5.2 | 0.5.3 | 0.5.5

  • neilcochransquawk\/geo

    0.4.4 | 0.4.5 | 0.4.7

Showing first 50 affected entries in server-rendered view.

References (8)