CVE-2026-45321

EUVD-2026-29352
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 9.6 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |

EPSS Score Percentile: 81%

Affected Products (NVD)

| Vendor | Product | Version |
| --- | --- | --- |
| tanstack | tanstack/arktype-adapter | 1.166.12 |
| tanstack | tanstack/arktype-adapter | 1.166.15 |
| tanstack | tanstack/eslint-plugin-router | 1.161.9 |
| tanstack | tanstack/eslint-plugin-router | 1.161.12 |
| tanstack | tanstack/eslint-plugin-start | 0.0.4 |
| tanstack | tanstack/eslint-plugin-start | 0.0.7 |
| tanstack | tanstack/history | 1.161.9 |
| tanstack | tanstack/history | 1.161.12 |
| tanstack | tanstack/nitro-v2-vite-plugin | 1.154.12 |
| tanstack | tanstack/nitro-v2-vite-plugin | 1.154.15 |
| tanstack | tanstack/react-router | 1.169.5 |
| tanstack | tanstack/react-router | 1.169.8 |
| tanstack | tanstack/react-router-devtools | 1.166.16 |
| tanstack | tanstack/react-router-devtools | 1.166.19 |
| tanstack | tanstack/react-router-ssr-query | 1.166.15 |
| tanstack | tanstack/react-router-ssr-query | 1.166.18 |
| tanstack | tanstack/react-start | 1.167.68 |
| tanstack | tanstack/react-start | 1.167.71 |
| tanstack | tanstack/react-start-client | 1.166.51 |
| tanstack | tanstack/react-start-client | 1.166.54 |
| tanstack | tanstack/react-start-rsc | 0.0.47 |
| tanstack | tanstack/react-start-rsc | 0.0.50 |
| tanstack | tanstack/react-start-server | 1.166.55 |
| tanstack | tanstack/react-start-server | 1.166.58 |
| tanstack | tanstack/router-cli | 1.166.46 |
| tanstack | tanstack/router-cli | 1.166.49 |
| tanstack | tanstack/router-core | 1.169.5 |
| tanstack | tanstack/router-core | 1.169.8 |
| tanstack | tanstack/router-devtools | 1.166.16 |
| tanstack | tanstack/router-devtools | 1.166.19 |
| tanstack | tanstack/router-devtools-core | 1.167.6 |
| tanstack | tanstack/router-devtools-core | 1.167.9 |
| tanstack | tanstack/router-generator | 1.166.45 |
| tanstack | tanstack/router-generator | 1.166.48 |
| tanstack | tanstack/router-plugin | 1.167.38 |
| tanstack | tanstack/router-plugin | 1.167.41 |
| tanstack | tanstack/router-ssr-query-core | 1.168.3 |
| tanstack | tanstack/router-ssr-query-core | 1.168.6 |
| tanstack | tanstack/router-utils | 1.161.11 |
| tanstack | tanstack/router-utils | 1.161.14 |
| tanstack | tanstack/router-vite-plugin | 1.166.53 |
| tanstack | tanstack/router-vite-plugin | 1.166.56 |
| tanstack | tanstack/solid-router | 1.169.5 |
| tanstack | tanstack/solid-router | 1.169.8 |
| tanstack | tanstack/solid-router-devtools | 1.166.16 |
| tanstack | tanstack/solid-router-devtools | 1.166.19 |
| tanstack | tanstack/solid-router-ssr-query | 1.166.15 |
| tanstack | tanstack/solid-router-ssr-query | 1.166.18 |
| tanstack | tanstack/solid-start | 1.167.65 |
| tanstack | tanstack/solid-start | 1.167.68 |
| tanstack | tanstack/solid-start-client | 1.166.50 |
| tanstack | tanstack/solid-start-client | 1.166.53 |
| tanstack | tanstack/solid-start-server | 1.166.54 |
| tanstack | tanstack/solid-start-server | 1.166.57 |
| tanstack | tanstack/start-client-core | 1.168.5 |
| tanstack | tanstack/start-client-core | 1.168.8 |
| tanstack | tanstack/start-fn-stubs | 1.161.9 |
| tanstack | tanstack/start-fn-stubs | 1.161.12 |
| tanstack | tanstack/start-plugin-core | 1.169.23 |
| tanstack | tanstack/start-plugin-core | 1.169.26 |
| tanstack | tanstack/start-server-core | 1.167.33 |
| tanstack | tanstack/start-server-core | 1.167.36 |
| tanstack | tanstack/start-static-server-functions | 1.166.44 |
| tanstack | tanstack/start-static-server-functions | 1.166.47 |
| tanstack | tanstack/start-storage-context | 1.166.38 |
| tanstack | tanstack/start-storage-context | 1.166.41 |
| tanstack | tanstack/valibot-adapter | 1.166.12 |
| tanstack | tanstack/valibot-adapter | 1.166.15 |
| tanstack | tanstack/virtual-file-routes | 1.161.10 |
| tanstack | tanstack/virtual-file-routes | 1.161.13 |
| tanstack | tanstack/vue-router | 1.169.5 |
| tanstack | tanstack/vue-router | 1.169.8 |
| tanstack | tanstack/vue-router-devtools | 1.166.16 |
| tanstack | tanstack/vue-router-devtools | 1.166.19 |
| tanstack | tanstack/vue-router-ssr-query | 1.166.15 |
| tanstack | tanstack/vue-router-ssr-query | 1.166.18 |
| tanstack | tanstack/vue-start | 1.167.61 |
| tanstack | tanstack/vue-start | 1.167.64 |
| tanstack | tanstack/vue-start-client | 1.166.46 |
| tanstack | tanstack/vue-start-client | 1.166.49 |
| tanstack | tanstack/vue-start-server | 1.166.50 |
| tanstack | tanstack/vue-start-server | 1.166.53 |
| tanstack | tanstack/zod-adapter | 1.166.12 |
| tanstack | tanstack/zod-adapter | 1.166.15 |
| mistral | mistralai | 2.4.6 |
| mistral | mistralai/mistralai | 2.2.3 |
| mistral | mistralai/mistralai | 2.2.4 |
| mistral | mistralai/mistralai-azure | 1.7.2 |
| mistral | mistralai/mistralai-azure | 1.7.3 |
| mistral | mistralai/mistralai-gcp | 1.7.2 |
| mistral | mistralai/mistralai-gcp | 1.7.3 |
| antoinebcx | ml-toolkit-ts | 1.0.4 |
| antoinebcx | ml-toolkit-ts | 1.0.5 |
| antoinebcx | ml-toolkit-ts/preprocessing | 1.0.2 |
| antoinebcx | ml-toolkit-ts/preprocessing | 1.0.3 |
| antoinebcx | ml-toolkit-ts/xgboost | 1.0.3 |
| antoinebcx | ml-toolkit-ts/xgboost | 1.0.4 |
| beproduct | beproduct/nestjs-auth | 0.1.2 |
| beproduct | beproduct/nestjs-auth | 0.1.3 |
| beproduct | beproduct/nestjs-auth | 0.1.4 |
| beproduct | beproduct/nestjs-auth | 0.1.5 |
| beproduct | beproduct/nestjs-auth | 0.1.6 |
| beproduct | beproduct/nestjs-auth | 0.1.7 |
| beproduct | beproduct/nestjs-auth | 0.1.8 |
| beproduct | beproduct/nestjs-auth | 0.1.9 |
| beproduct | beproduct/nestjs-auth | 0.1.10 |
| beproduct | beproduct/nestjs-auth | 0.1.11 |
| beproduct | beproduct/nestjs-auth | 0.1.12 |
| beproduct | beproduct/nestjs-auth | 0.1.13 |
| beproduct | beproduct/nestjs-auth | 0.1.14 |
| beproduct | beproduct/nestjs-auth | 0.1.15 |
| beproduct | beproduct/nestjs-auth | 0.1.16 |
| beproduct | beproduct/nestjs-auth | 0.1.17 |
| beproduct | beproduct/nestjs-auth | 0.1.19 |
| christianalares | git-git-git | 1.0.8 |
| christianalares | git-git-git | 1.0.9 |
| christianalares | git-git-git | 1.0.10 |
| christianalares | git-git-git | 1.0.12 |
| christianalares | git_branch_selector | 1.3.3 |
| christianalares | git_branch_selector | 1.3.4 |
| christianalares | git_branch_selector | 1.3.5 |
| christianalares | git_branch_selector | 1.3.7 |
| christianalares | nextmove-mcp | 0.1.3 |
| christianalares | nextmove-mcp | 0.1.4 |
| christianalares | nextmove-mcp | 0.1.5 |
| christianalares | nextmove-mcp | 0.1.7 |
| christianalares | tolka/cli | 1.0.2 |
| christianalares | tolka/cli | 1.0.3 |
| christianalares | tolka/cli | 1.0.4 |
| christianalares | tolka/cli | 1.0.6 |
| multiagentcognition | cmux-agent-mcp | 0.1.3 |
| multiagentcognition | cmux-agent-mcp | 0.1.4 |
| multiagentcognition | cmux-agent-mcp | 0.1.5 |
| multiagentcognition | cmux-agent-mcp | 0.1.6 |
| multiagentcognition | cmux-agent-mcp | 0.1.7 |
| multiagentcognition | cmux-agent-mcp | 0.1.8 |
| abhishake1 | supersurkhet/cli | 0.0.2 |
| abhishake1 | supersurkhet/cli | 0.0.3 |
| abhishake1 | supersurkhet/cli | 0.0.4 |
| abhishake1 | supersurkhet/cli | 0.0.5 |
| abhishake1 | supersurkhet/cli | 0.0.6 |
| abhishake1 | supersurkhet/cli | 0.0.7 |
| abhishake1 | supersurkhet/sdk | 0.0.2 |
| abhishake1 | supersurkhet/sdk | 0.0.3 |
| abhishake1 | supersurkhet/sdk | 0.0.4 |
| abhishake1 | supersurkhet/sdk | 0.0.5 |
| abhishake1 | supersurkhet/sdk | 0.0.6 |
| abhishake1 | supersurkhet/sdk | 0.0.7 |
| abhishake1 | taskflow-corp/cli | 0.1.24 |
| abhishake1 | taskflow-corp/cli | 0.1.25 |
| abhishake1 | taskflow-corp/cli | 0.1.26 |
| abhishake1 | taskflow-corp/cli | 0.1.27 |
| abhishake1 | taskflow-corp/cli | 0.1.28 |
| abhishake1 | taskflow-corp/cli | 0.1.29 |
| kilbot | tallyui/components | 1.0.1 |
| kilbot | tallyui/components | 1.0.2 |
| kilbot | tallyui/components | 1.0.3 |
| kilbot | tallyui/connector-medusa | 1.0.1 |
| kilbot | tallyui/connector-medusa | 1.0.2 |
| kilbot | tallyui/connector-medusa | 1.0.3 |
| kilbot | tallyui/connector-shopify | 1.0.1 |
| kilbot | tallyui/connector-shopify | 1.0.2 |
| kilbot | tallyui/connector-shopify | 1.0.3 |
| kilbot | tallyui/connector-vendure | 1.0.1 |
| kilbot | tallyui/connector-vendure | 1.0.2 |
| kilbot | tallyui/connector-vendure | 1.0.3 |
| kilbot | tallyui/connector-woocommerce | 1.0.1 |
| kilbot | tallyui/connector-woocommerce | 1.0.2 |
| kilbot | tallyui/connector-woocommerce | 1.0.3 |
| kilbot | tallyui/core | 0.2.1 |
| kilbot | tallyui/core | 0.2.2 |
| kilbot | tallyui/core | 0.2.3 |
| kilbot | tallyui/database | 1.0.1 |
| kilbot | tallyui/database | 1.0.2 |
| kilbot | tallyui/database | 1.0.3 |
| kilbot | tallyui/pos | 0.1.1 |
| kilbot | tallyui/pos | 0.1.2 |
| kilbot | tallyui/pos | 0.1.3 |
| kilbot | tallyui/storage-sqlite | 0.2.1 |
| kilbot | tallyui/storage-sqlite | 0.2.2 |
| kilbot | tallyui/storage-sqlite | 0.2.3 |
| kilbot | tallyui/theme | 0.2.1 |
| kilbot | tallyui/theme | 0.2.2 |
| kilbot | tallyui/theme | 0.2.3 |
| matheuspergoli | draftauth/client | 0.2.1 |
| matheuspergoli | draftauth/client | 0.2.2 |
| matheuspergoli | draftauth/core | 0.13.1 |
| matheuspergoli | draftauth/core | 0.13.2 |
| matheuspergoli | draftlab/auth | 0.24.1 |
| matheuspergoli | draftlab/auth | 0.24.2 |
| matheuspergoli | draftlab/auth-router | 0.5.1 |
| matheuspergoli | draftlab/auth-router | 0.5.2 |
| matheuspergoli | draftlab/db | 0.16.1 |
| matheuspergoli | draftlab/db | 0.16.2 |
| matheuspergoli | simple_type-safe_actions | 0.8.3 |
| matheuspergoli | simple_type-safe_actions | 0.8.4 |
| neilcochran | cross-stitch | 1.1.3 |
| neilcochran | cross-stitch | 1.1.4 |
| neilcochran | cross-stitch | 1.1.6 |
| neilcochran | squawk/airports | 0.6.2 |
| neilcochran | squawk/airports | 0.6.3 |
| neilcochran | squawk/airports | 0.6.5 |
| neilcochran | squawk/airspace | 0.8.1 |
| neilcochran | squawk/airspace | 0.8.2 |
| neilcochran | squawk/airspace | 0.8.4 |
| neilcochran | squawk/airspace-data | 0.5.3 |
| neilcochran | squawk/airspace-data | 0.5.4 |
| neilcochran | squawk/airspace-data | 0.5.6 |
| neilcochran | squawk/airway-data | 0.5.4 |
| neilcochran | squawk/airway-data | 0.5.5 |
| neilcochran | squawk/airway-data | 0.5.7 |
| neilcochran | squawk/airways | 0.4.2 |
| neilcochran | squawk/airways | 0.4.3 |
| neilcochran | squawk/airways | 0.4.5 |
| neilcochran | squawk/fix-data | 0.6.4 |
| neilcochran | squawk/fix-data | 0.6.5 |
| neilcochran | squawk/fix-data | 0.6.7 |
| neilcochran | squawk/fixes | 0.3.2 |
| neilcochran | squawk/fixes | 0.3.3 |
| neilcochran | squawk/fixes | 0.3.5 |
| neilcochran | squawk/flight-math | 0.5.4 |
| neilcochran | squawk/flight-math | 0.5.5 |
| neilcochran | squawk/flight-math | 0.5.7 |
| neilcochran | squawk/flightplan | 0.5.2 |
| neilcochran | squawk/flightplan | 0.5.3 |
| neilcochran | squawk/flightplan | 0.5.5 |
| neilcochran | squawk/geo | 0.4.4 |
| neilcochran | squawk/geo | 0.4.5 |
| neilcochran | squawk/geo | 0.4.7 |
| neilcochran | squawk/icao-registry | 0.5.2 |
| neilcochran | squawk/icao-registry | 0.5.3 |
| neilcochran | squawk/icao-registry | 0.5.5 |
| neilcochran | squawk/icao-registry-data | 0.8.4 |
| neilcochran | squawk/icao-registry-data | 0.8.5 |
| neilcochran | squawk/icao-registry-data | 0.8.7 |
| neilcochran | squawk/mcp | 0.9.1 |
| neilcochran | squawk/mcp | 0.9.2 |
| neilcochran | squawk/mcp | 0.9.4 |
| neilcochran | squawk/navaid-data | 0.6.4 |
| neilcochran | squawk/navaid-data | 0.6.5 |
| neilcochran | squawk/navaid-data | 0.6.7 |
| neilcochran | squawk/navaids | 0.4.2 |
| neilcochran | squawk/navaids | 0.4.3 |
| neilcochran | squawk/navaids | 0.4.5 |
| neilcochran | squawk/notams | 0.3.6 |
| neilcochran | squawk/notams | 0.3.7 |
| neilcochran | squawk/notams | 0.3.9 |
| neilcochran | squawk/procedure-data | 0.7.3 |
| neilcochran | squawk/procedure-data | 0.7.4 |
| neilcochran | squawk/procedure-data | 0.7.6 |
| neilcochran | squawk/procedures | 0.5.2 |
| neilcochran | squawk/procedures | 0.5.3 |
| neilcochran | squawk/procedures | 0.5.5 |
| neilcochran | squawk/types | 0.8.1 |
| neilcochran | squawk/types | 0.8.2 |
| neilcochran | squawk/types | 0.8.4 |
| neilcochran | squawk/units | 0.4.3 |
| neilcochran | squawk/units | 0.4.4 |
| neilcochran | squawk/units | 0.4.6 |
| neilcochran | squawk/weather | 0.5.6 |
| neilcochran | squawk/weather | 0.5.7 |
| neilcochran | squawk/weather | 0.5.9 |
| neilcochran | ts-dna | 3.0.1 |
| neilcochran | ts-dna | 3.0.2 |
| neilcochran | ts-dna | 3.0.4 |
| neilcochran | wot-api | 0.8.1 |
| neilcochran | wot-api | 0.8.2 |
| neilcochran | wot-api | 0.8.4 |
| agentworkhq | agentwork-cli | 0.1.4 |
| agentworkhq | agentwork-cli | 0.1.5 |
| dirigible | dirigible-ai/sdk | 0.6.2 |
| dirigible | dirigible-ai/sdk | 0.6.3 |
| guardrailsai | guardrails_ai | 0.10.1 |
| linuxfoundation | opensearch | 3.6.2 |
| mesa | mesadev/rest | 0.28.3 |
| mesa | mesadev/saguaro | 0.4.22 |
| mesa | mesadev/sdk | 0.28.3 |
| uipath | uipath/access-policy-sdk | 0.3.1 |
| uipath | uipath/access-policy-tool | 0.3.1 |
| uipath | uipath/admin-tool | 0.1.1 |
| uipath | uipath/agent-sdk | 1.0.2 |
| uipath | uipath/agent-tool | 1.0.1 |
| uipath | uipath/agent.sdk | 0.0.18 |
| uipath | uipath/aops-policy-tool | 0.3.1 |
| uipath | uipath/ap-chat | 1.5.7 |
| uipath | uipath/api-workflow-tool | 1.0.1 |
| uipath | uipath/apollo-core | 5.9.2 |
| uipath | uipath/apollo-react | 4.24.5 |
| uipath | uipath/apollo-wind | 2.16.2 |
| uipath | uipath/auth | 1.0.1 |
| uipath | uipath/case-tool | 1.0.1 |
| uipath | uipath/cli | 1.0.1 |
| uipath | uipath/codedagent-tool | 1.0.1 |
| uipath | uipath/codedagents-tool | 0.1.12 |
| uipath | uipath/codedapp-tool | 1.0.1 |
| uipath | uipath/common | 1.0.1 |
| uipath | uipath/context-grounding-tool | 0.1.1 |
| uipath | uipath/data-fabric-tool | 1.0.2 |
| uipath | uipath/docsai-tool | 1.0.1 |
| uipath | uipath/filesystem | 1.0.1 |
| uipath | uipath/flow-tool | 1.0.2 |
| uipath | uipath/functions-tool | 1.0.1 |
| uipath | uipath/gov-tool | 0.3.1 |
| uipath | uipath/identity-tool | 0.1.1 |
| uipath | uipath/insights-sdk | 1.0.1 |
| uipath | uipath/insights-tool | 1.0.1 |
| uipath | uipath/integrationservice-sdk | 1.0.2 |
| uipath | uipath/integrationservice-tool | 1.0.2 |
| uipath | uipath/llmgw-tool | 1.0.1 |
| uipath | uipath/maestro-sdk | 1.0.1 |
| uipath | uipath/maestro-tool | 1.0.1 |
| uipath | uipath/orchestrator-tool | 1.0.1 |
| uipath | uipath/packager-tool-apiworkflow | 0.0.19 |
| uipath | uipath/packager-tool-bpmn | 0.0.9 |
| uipath | uipath/packager-tool-case | 0.0.9 |
| uipath | uipath/packager-tool-connector | 0.0.19 |
| uipath | uipath/packager-tool-flow | 0.0.19 |
| uipath | uipath/packager-tool-functions | 0.1.1 |
| uipath | uipath/packager-tool-webapp | 1.0.6 |
| uipath | uipath/packager-tool-workflowcompiler | 0.0.16 |
| uipath | uipath/packager-tool-workflowcompiler-browser | 0.0.34 |
| uipath | uipath/platform-tool | 1.0.1 |
| uipath | uipath/project-packager | 1.1.16 |
| uipath | uipath/resource-tool | 1.0.1 |
| uipath | uipath/resourcecatalog-tool | 0.1.1 |
| uipath | uipath/resources-tool | 0.1.11 |
| uipath | uipath/robot | 1.3.4 |
| uipath | uipath/rpa-legacy-tool | 1.0.1 |
| uipath | uipath/rpa-tool | 0.9.5 |
| uipath | uipath/solution-packager | 0.0.35 |
| uipath | uipath/solution-tool | 1.0.1 |
| uipath | uipath/solutionpackager-sdk | 1.0.11 |
| uipath | uipath/solutionpackager-tool-core | 0.0.34 |
| uipath | uipath/tasks-tool | 1.0.1 |
| uipath | uipath/telemetry | 0.0.7 |
| uipath | uipath/test-manager-tool | 1.0.2 |
| uipath | uipath/tool-workflowcompiler | 0.0.12 |
| uipath | uipath/traces-tool | 1.0.1 |
| uipath | uipath/ui-widgets-multi-file-upload | 1.0.1 |
| uipath | uipath/uipath-python-bridge | 1.0.1 |
| uipath | uipath/vertical-solutions-tool | 1.0.1 |
| uipath | uipath/vss | 0.1.6 |
| uipath | uipath/widget.sdk | 1.2.3 |

𝑥 = Vulnerable software versions