TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted Publisher
CVE-2026-45321 Published on May 12, 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the forkbase trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Vulnerability Analysis
CVE-2026-45321 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Embedded Malicious Code
The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Affected Versions
@tanstack arktype-adapter:- Version 1.166.12 is affected.
- Version 1.166.15 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 0.0.4 is affected.
- Version 0.0.7 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 1.154.12 is affected.
- Version 1.154.15 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.68 is affected.
- Version 1.167.71 is affected.
- Version 1.166.51 is affected.
- Version 1.166.54 is affected.
- Version 0.0.47 is affected.
- Version 0.0.50 is affected.
- Version 1.166.55 is affected.
- Version 1.166.58 is affected.
- Version 1.166.46 is affected.
- Version 1.166.49 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.167.6 is affected.
- Version 1.167.9 is affected.
- Version 1.166.45 is affected.
- Version 1.166.48 is affected.
- Version 1.167.38 is affected.
- Version 1.167.41 is affected.
- Version 1.168.3 is affected.
- Version 1.168.6 is affected.
- Version 1.161.11 is affected.
- Version 1.161.14 is affected.
- Version 1.166.53 is affected.
- Version 1.166.56 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.65 is affected.
- Version 1.167.68 is affected.
- Version 1.166.50 is affected.
- Version 1.166.53 is affected.
- Version 1.166.54 is affected.
- Version 1.166.57 is affected.
- Version 1.168.5 is affected.
- Version 1.168.8 is affected.
- Version 1.161.9 is affected.
- Version 1.161.12 is affected.
- Version 1.169.23 is affected.
- Version 1.169.26 is affected.
- Version 1.167.33 is affected.
- Version 1.167.36 is affected.
- Version 1.166.44 is affected.
- Version 1.166.47 is affected.
- Version 1.166.38 is affected.
- Version 1.166.41 is affected.
- Version 1.166.12 is affected.
- Version 1.166.15 is affected.
- Version 1.161.10 is affected.
- Version 1.161.13 is affected.
- Version 1.169.5 is affected.
- Version 1.169.8 is affected.
- Version 1.166.16 is affected.
- Version 1.166.19 is affected.
- Version 1.166.15 is affected.
- Version 1.166.18 is affected.
- Version 1.167.61 is affected.
- Version 1.167.64 is affected.
- Version 1.166.46 is affected.
- Version 1.166.49 is affected.
- Version 1.166.50 is affected.
- Version 1.166.53 is affected.
- Version 1.166.12 is affected.
- Version 1.166.15 is affected.