TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted Publisher
CVE-2026-45321 Published on May 12, 2026

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the forkbase trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

NVD

Known Exploited Vulnerability

This TanStack Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

The following remediation steps are recommended / required by June 10, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2026-45321 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Embedded Malicious Code

The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.


Affected Versions

@tanstack arktype-adapter: @tanstack eslint-plugin-router: @tanstack eslint-plugin-start: @tanstack history: @tanstack nitro-v2-vite-plugin: @tanstack react-router: @tanstack react-router-devtools: @tanstack react-router-ssr-query: @tanstack react-start: @tanstack react-start-client: @tanstack react-start-rsc: @tanstack react-start-server: @tanstack router-cli: @tanstack router-core: @tanstack router-devtools: @tanstack router-devtools-core: @tanstack router-generator: @tanstack router-plugin: @tanstack router-ssr-query-core: @tanstack router-utils: @tanstack outer-vite-plugin: @tanstack solid-router: @tanstack solid-router-devtools: @tanstack solid-router-ssr-query: @tanstack solid-start: @tanstack solid-start-client: @tanstack solid-start-server: @tanstack start-client-core: @tanstack start-fn-stubs: @tanstack start-plugin-core: @tanstack start-server-core: @tanstack start-static-server-functions: @tanstack start-storage-context: @tanstack valibot-adapter: @tanstack virtual-file-routes: @tanstack vue-router: @tanstack vue-router-devtools: @tanstack vue-router-ssr-query: @tanstack vue-start: @tanstack vue-start-client: @tanstack vue-start-server: @tanstack zod-adapter:

Exploit Probability

EPSS
1.60%
Percentile
72.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.