TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted Publisher
CVE-2026-45321 Published on May 12, 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the forkbase trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Known Exploited Vulnerability
This TanStack Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
The following remediation steps are recommended / required by June 10, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2026-45321 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Embedded Malicious Code
The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Affected Versions
@tanstack arktype-adapter:- Version 1.166.12 is affected.
- Version 1.166.15 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 0.0.4 is affected.
- Version 0.0.7 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 1.154.12 is affected.
- Version 1.154.15 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.68 is affected.
- Version 1.167.71 is affected.
- Version 1.166.51 is affected.
- Version 1.166.54 is affected.
- Version 0.0.47 is affected.
- Version 0.0.50 is affected.
- Version 1.166.55 is affected.
- Version 1.166.58 is affected.
- Version 1.166.46 is affected.
- Version 1.166.49 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.167.6 is affected.
- Version 1.167.9 is affected.
- Version 1.166.45 is affected.
- Version 1.166.48 is affected.
- Version 1.167.38 is affected.
- Version 1.167.41 is affected.
- Version 1.168.3 is affected.
- Version 1.168.6 is affected.
- Version 1.161.11 is affected.
- Version 1.161.14 is affected.
- Version 1.166.53 is affected.
- Version 1.166.56 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.65 is affected.
- Version 1.167.68 is affected.
- Version 1.166.50 is affected.
- Version 1.166.53 is affected.
- Version 1.166.54 is affected.
- Version 1.166.57 is affected.
- Version 1.168.5 is affected.
- Version 1.168.8 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 1.169.23 is affected.
- Version 1.169.26 is affected.
- Version 1.167.33 is affected.
- Version 1.167.36 is affected.
- Version 1.166.44 is affected.
- Version 1.166.47 is affected.
- Version 1.166.38 is affected.
- Version 1.166.41 is affected.
- Version 1.166.12 is affected.
- Version 1.166.15 is affected.
- Version 1.161.10 is affected.
- Version 1.161.13 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.61 is affected.
- Version 1.167.64 is affected.
- Version 1.166.46 is affected.
- Version 1.166.49 is affected.
- Version 1.166.50 is affected.
- Version 1.166.53 is affected.
- Version 1.166.12 is affected.
- Version 1.166.15 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.