Vulnerability Details:

CVE-2026-45321

Summary
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 12 May, 2026 | 00:12
Updated At: 12 May, 2026 | 15:16
Rejected At: -

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: @tanstack (all 42 packages; each package has exactly two affected versions)

Package | Affected versions
arktype-adapter | 1.166.12, 1.166.15
eslint-plugin-router | 1.161.9, 1.161.12
eslint-plugin-start | 0.0.4, 0.0.7
history | 1.161.9, 1.161.12
nitro-v2-vite-plugin | 1.154.12, 1.154.15
react-router | 1.169.5, 1.169.8
react-router-devtools | 1.166.16, 1.166.19
react-router-ssr-query | 1.166.15, 1.166.18
react-start | 1.167.68, 1.167.71
react-start-client | 1.166.51, 1.166.54
react-start-rsc | 0.0.47, 0.0.50
react-start-server | 1.166.55, 1.166.58
router-cli | 1.166.46, 1.166.49
router-core | 1.169.5, 1.169.8
router-devtools | 1.166.16, 1.166.19
router-devtools-core | 1.167.6, 1.167.9
router-generator | 1.166.45, 1.166.48
router-plugin | 1.167.38, 1.167.41
router-ssr-query-core | 1.168.3, 1.168.6
router-utils | 1.161.11, 1.161.14
router-vite-plugin | 1.166.53, 1.166.56
solid-router | 1.169.5, 1.169.8
solid-router-devtools | 1.166.16, 1.166.19
solid-router-ssr-query | 1.166.15, 1.166.18
solid-start | 1.167.65, 1.167.68
solid-start-client | 1.166.50, 1.166.53
solid-start-server | 1.166.54, 1.166.57
start-client-core | 1.168.5, 1.168.8
start-fn-stubs | 1.161.9, 1.161.12
start-plugin-core | 1.169.23, 1.169.26
start-server-core | 1.167.33, 1.167.36
start-static-server-functions | 1.166.44, 1.166.47
start-storage-context | 1.166.38, 1.166.41
valibot-adapter | 1.166.12, 1.166.15
virtual-file-routes | 1.161.10, 1.161.13
vue-router | 1.169.5, 1.169.8
vue-router-devtools | 1.166.16, 1.166.19
vue-router-ssr-query | 1.166.15, 1.166.18
vue-start | 1.167.61, 1.167.64
vue-start-client | 1.166.46, 1.166.49
vue-start-server | 1.166.50, 1.166.53
zod-adapter | 1.166.12, 1.166.15
Problem Types
Type | CWE ID | Description
CWE | CWE-506 | CWE-506: Embedded Malicious Code

Metrics
Version | Base score | Base severity | Vector
3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References
Hyperlink | Resource
https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx | x_refsource_CONFIRM
https://github.com/TanStack/router/issues/7383 | x_refsource_MISC
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem | x_refsource_MISC
https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem | x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: security-advisories@github.com
Published At: 12 May, 2026 | 01:16
Updated At: 14 May, 2026 | 17:05

CISA Catalog
Not listed (Date Added: N/A; Due Date: N/A; Vulnerability Name: N/A; Required Action: N/A)
Metrics
Type | Version | Base score | Base severity | Vector
Secondary | 3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Vendor: tanstack; target software: node.js. One CPE 2.3 string per affected package version:

cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/history:1.161.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/history:1.161.12:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.16:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.71:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.54:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.50:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.58:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.49:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.5:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.48:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.41:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.6:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.14:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.56:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.16:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.68:*:*:*:*:node.js:*:*
Weaknesses
CWE ID | Type | Source
CWE-506 | Secondary | security-advisories@github.com
References
Hyperlink | Source | Resource
https://github.com/TanStack/router/issues/7383 | security-advisories@github.com | Issue Tracking
https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx | security-advisories@github.com | Mitigation, Vendor Advisory
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem | security-advisories@github.com | Exploit, Vendor Advisory
https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem | security-advisories@github.com | Exploit, Third Party Advisory

Change History
Information is not available yet

Similar CVEs

1 record found

CVE-2025-10894
Matching Score: 4
Assigner: Red Hat, Inc.
CVSS Score: 9.6 | CRITICAL
EPSS: 0.08% / 24.51% (7 day change: ~0.00%)
Published: 24 Sep, 2025 | 21:20
Updated: 20 Nov, 2025 | 07:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under users' accounts.

Action: Not Available
Vendor: Red Hat, Inc.
Products: Red Hat Ansible Automation Platform 2; Multicluster Global Hub; Red Hat Advanced Cluster Management for Kubernetes 2; OpenShift Serverless
CWE ID: CWE-506 (Embedded Malicious Code)