TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted Publisher
CVE-2026-45321 Published on May 12, 2026

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the forkbase trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

NVD

Vulnerability Analysis

CVE-2026-45321 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Embedded Malicious Code

The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Affected Versions

@tanstack arktype-adapter:

Version 1.166.12 is affected.
Version 1.166.15 is affected.

@tanstack eslint-plugin-router:

Version 1.161.9 is affected.
Version 1.161.12 is affected.

@tanstack eslint-plugin-start:

Version 0.0.4 is affected.
Version 0.0.7 is affected.

@tanstack history:

Version 1.161.9 is affected.
Version 1.161.12 is affected.

@tanstack nitro-v2-vite-plugin:

Version 1.154.12 is affected.
Version 1.154.15 is affected.

@tanstack react-router:

Version 1.169.5 is affected.
Version 1.169.8 is affected.

@tanstack react-router-devtools:

Version 1.166.16 is affected.
Version 1.166.19 is affected.

@tanstack react-router-ssr-query:

Version 1.166.15 is affected.
Version 1.166.18 is affected.

@tanstack react-start:

Version 1.167.68 is affected.
Version 1.167.71 is affected.

@tanstack react-start-client:

Version 1.166.51 is affected.
Version 1.166.54 is affected.

@tanstack react-start-rsc:

Version 0.0.47 is affected.
Version 0.0.50 is affected.

@tanstack react-start-server:

Version 1.166.55 is affected.
Version 1.166.58 is affected.

@tanstack router-cli:

Version 1.166.46 is affected.
Version 1.166.49 is affected.

@tanstack router-core:

Version 1.169.5 is affected.
Version 1.169.8 is affected.

@tanstack router-devtools:

Version 1.166.16 is affected.
Version 1.166.19 is affected.

@tanstack router-devtools-core:

Version 1.167.6 is affected.
Version 1.167.9 is affected.

@tanstack router-generator:

Version 1.166.45 is affected.
Version 1.166.48 is affected.

@tanstack router-plugin:

Version 1.167.38 is affected.
Version 1.167.41 is affected.

@tanstack router-ssr-query-core:

Version 1.168.3 is affected.
Version 1.168.6 is affected.

@tanstack router-utils:

Version 1.161.11 is affected.
Version 1.161.14 is affected.

@tanstack outer-vite-plugin:

Version 1.166.53 is affected.
Version 1.166.56 is affected.

@tanstack solid-router:

Version 1.169.5 is affected.
Version 1.169.8 is affected.

@tanstack solid-router-devtools:

Version 1.166.16 is affected.
Version 1.166.19 is affected.

@tanstack solid-router-ssr-query:

Version 1.166.15 is affected.
Version 1.166.18 is affected.

@tanstack solid-start:

Version 1.167.65 is affected.
Version 1.167.68 is affected.

@tanstack solid-start-client:

Version 1.166.50 is affected.
Version 1.166.53 is affected.

@tanstack solid-start-server:

Version 1.166.54 is affected.
Version 1.166.57 is affected.

@tanstack start-client-core:

Version 1.168.5 is affected.
Version 1.168.8 is affected.

@tanstack start-fn-stubs:

Version 1.161.9 is affected.
Version 1.161.12 is affected.

@tanstack start-plugin-core:

Version 1.169.23 is affected.
Version 1.169.26 is affected.

@tanstack start-server-core:

Version 1.167.33 is affected.
Version 1.167.36 is affected.

@tanstack start-static-server-functions:

Version 1.166.44 is affected.
Version 1.166.47 is affected.

@tanstack start-storage-context:

Version 1.166.38 is affected.
Version 1.166.41 is affected.

@tanstack valibot-adapter:

Version 1.166.12 is affected.
Version 1.166.15 is affected.

@tanstack virtual-file-routes:

Version 1.161.10 is affected.
Version 1.161.13 is affected.

@tanstack vue-router:

Version 1.169.5 is affected.
Version 1.169.8 is affected.

@tanstack vue-router-devtools:

Version 1.166.16 is affected.
Version 1.166.19 is affected.

@tanstack vue-router-ssr-query:

Version 1.166.15 is affected.
Version 1.166.18 is affected.

@tanstack vue-start:

Version 1.167.61 is affected.
Version 1.167.64 is affected.

@tanstack vue-start-client:

Version 1.166.46 is affected.
Version 1.166.49 is affected.

@tanstack vue-start-server:

Version 1.166.50 is affected.
Version 1.166.53 is affected.

@tanstack zod-adapter:

Version 1.166.12 is affected.
Version 1.166.15 is affected.

TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted PublisherCVE-2026-45321 Published on May 12, 2026

Vulnerability Analysis

Weakness Type

Embedded Malicious Code

Affected Versions

TanStack/npm Origin-ID Exploit: OIDC Token Theft via OIDC Trusted Publisher
CVE-2026-45321 Published on May 12, 2026