CVE-2026-45321
CWE-506 · Published: May 12, 2026 · Updated: May 14, 2026
Official Description
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
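The first link in the chain described above, the pull_request_target "Pwn Request", is a workflow shape that can be recognised from the workflow file itself. The scanner below is an added example (not TanStack's, GitHub's, or any existing tool's code): it flags a pull_request_target trigger whose job checks out the pull request head and then runs code from it or shares a cache with trusted runs, and shows a hardened variant of the same workflow that it does not flag. Both workflow texts are constructed for the example, and the scanner works with regular expressions over the raw YAML text rather than a YAML parser, so it is a triage aid, not a substitute for a real linter.

```javascript
// Added example, not code from TanStack or GitHub: heuristic scan for the
// "Pwn Request" shape (pull_request_target + checkout of the PR head + code
// execution or shared cache). Regex over raw workflow text, not a YAML parser.
// Both workflow texts below are CONSTRUCTED for this example.

const VULNERABLE_WORKFLOW = `
name: pr-checks
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  id-token: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: \${{ github.event.pull_request.head.sha }}   # fork-controlled code
      - uses: actions/cache@v4
        with:
          path: ~/.npm
          key: npm-\${{ hashFiles('**/package-lock.json') }}
      - run: npm ci                                         # runs fork-controlled scripts
      - run: npm run build
`;

// Hardened: plain pull_request runs fork code with a read-only token and no
// repository secrets, and a cache written by a PR run is scoped to that PR, so
// trusted runs on the default branch cannot restore it.
const HARDENED_WORKFLOW = `
name: pr-checks
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.npm
          key: npm-\${{ hashFiles('**/package-lock.json') }}
      - run: npm ci
      - run: npm run build
`;

// Trigger as a mapping key, inline scalar, or inside a flow sequence.
const PR_TARGET = /^\s*(on:\s*)?\[?\s*pull_request_target\b|^on:\s*\[[^\]\n]*\bpull_request_target\b/m;
// actions/checkout pointed at the fork's commit or branch.
const HEAD_CHECKOUT = /ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}/;
// A run step that executes project tooling (install scripts, build scripts).
const RUNS_CODE = /^\s*-\s*run:\s*(npm|npx|yarn|pnpm|node|make|bash|sh)\b/m;
// actions/cache or setup-node's built-in package cache.
const USES_CACHE = /uses:\s*actions\/cache@|^\s*cache:\s*(npm|yarn|pnpm)\b/m;
const WRITE_PERMS = /^\s*(contents|id-token|packages|pull-requests):\s*write\b/m;

// Returns a list of finding strings; empty means the dangerous shape was not seen.
function scanWorkflow(text) {
  const findings = [];
  if (!PR_TARGET.test(text)) return findings; // dangerous trigger absent
  const headCheckout = HEAD_CHECKOUT.test(text);
  if (headCheckout && RUNS_CODE.test(text)) {
    findings.push('pwn-request: pull_request_target job checks out the PR head and executes code from it');
  }
  if (headCheckout && USES_CACHE.test(text)) {
    findings.push('cache-poisoning: fork-controlled code runs in a base-scoped job that writes a shared cache');
  }
  if (WRITE_PERMS.test(text)) {
    findings.push('elevated-permissions: write or id-token permissions on a workflow that can run fork-controlled code');
  }
  return findings;
}

console.log('vulnerable:', scanWorkflow(VULNERABLE_WORKFLOW));
console.log('hardened:', scanWorkflow(HARDENED_WORKFLOW));
```

The scan is deliberately coarse: it does not know which job a permission block belongs to, and it will miss a checkout that reaches the fork's code through an intermediate variable. Treat a hit as something to read by hand, and a miss as no evidence either way.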
Risk Analysis
This supply chain attack compromised 42 @tanstack/* packages on the npm registry. The 84 malicious versions were not the product of a stolen long-lived token: they were published through the project's legitimate GitHub Actions OIDC trusted-publisher binding, so they carried the project's own publishing identity. The attacker reached that identity by chaining a pull_request_target misconfiguration, cache poisoning across the fork/base boundary, and extraction of the OIDC token from the runner process. The CVSS base score is 9.6; active exploitation is established by the listing in CISA's KEV catalog, not by the score.
The attack vector is network (AV:N) with low attack complexity (AC:L) and no privileges required (PR:N). User interaction (UI:R) corresponds to a developer or CI job installing or upgrading to one of the malicious versions; with floating version ranges that step is routine and usually automated, so the interaction requirement offers little protection in practice.
To mitigate this, determine whether any of the versions published between approximately 19:20 and 19:26 UTC on 2026-05-11 were installed: compare the @tanstack/* versions in lockfiles and CI logs against the npm registry's publish timestamps, since each affected package received exactly two malicious versions inside that window. Pin or roll back to versions published before the window and, because the payload stole credentials, rotate any secrets present on hosts that ran the malicious code. Maintainers should harden GitHub Actions workflows: do not check out and execute pull-request code under pull_request_target, keep fork-triggered jobs from writing caches that trusted jobs restore, scope workflow permissions to read-only by default, and audit dependencies regularly.
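The consumer-side check described above, comparing installed @tanstack/* versions against npm publish timestamps, is mechanical enough to script. The block below is an added example (not TanStack's or npm's code). In practice the `time` map comes from the registry document at https://registry.npmjs.org/<package>; here it is replaced by a constructed stand-in so the example runs offline, and every version number and timestamp in it is hypothetical. The lockfile layout assumed is npm's lockfileVersion 2/3 `packages` map, keyed by install path.

```javascript
// Added example, not code from TanStack or npm: triage a package-lock.json for
// @tanstack/* versions whose publish time falls inside the incident window.
// SAMPLE_LOCK and SAMPLE_REGISTRY_TIME are CONSTRUCTED stand-ins for the real
// lockfile and the registry's "time" map; all versions/timestamps are hypothetical.

const WINDOW_START = Date.parse('2026-05-11T19:20:00Z');
const WINDOW_END = Date.parse('2026-05-11T19:27:00Z'); // exclusive; covers "approximately 19:26"

// Constructed lockfile in the lockfileVersion 2/3 layout ("packages" keyed by install path).
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { '@tanstack/react-router': '^1.200.0' } },
    'node_modules/@tanstack/react-router': { version: '1.200.1' },
    'node_modules/@tanstack/history': { version: '1.150.0' },
    'node_modules/some-lib/node_modules/@tanstack/store': { version: '0.9.3' }, // nested install
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

// Constructed registry "time" metadata. Real documents also carry the
// non-version keys "created" and "modified", which the code below skips.
const SAMPLE_REGISTRY_TIME = {
  '@tanstack/react-router': {
    created: '2023-01-01T00:00:00.000Z',
    modified: '2026-05-11T19:24:40.000Z',
    '1.200.0': '2026-05-09T10:00:00.000Z',
    '1.200.1': '2026-05-11T19:21:12.000Z', // inside the window
    '1.200.2': '2026-05-11T19:24:40.000Z', // inside the window
  },
  '@tanstack/history': {
    created: '2023-01-01T00:00:00.000Z',
    modified: '2026-04-30T08:00:00.000Z',
    '1.150.0': '2026-04-30T08:00:00.000Z',
  },
};

// Every @tanstack/* entry in a v2/v3 lockfile, including nested installs.
function tanstackEntries(lock) {
  const out = [];
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    const m = installPath.match(/node_modules\/(@tanstack\/[^/]+)$/);
    if (m && meta.version) out.push({ name: m[1], version: meta.version });
  }
  return out;
}

function publishedInWindow(iso) {
  const t = Date.parse(iso);
  return t >= WINDOW_START && t < WINDOW_END;
}

// [version, timestamp] pairs for one package, without the "created"/"modified" keys.
function versionTimes(registryTime, name) {
  return Object.entries(registryTime[name] || {}).filter(([k]) => k !== 'created' && k !== 'modified');
}

// 'suspect' if the installed version was published inside the window, 'ok' if
// outside it, 'unknown' if the registry data has no timestamp for it (for
// example a version removed after the incident); 'unknown' needs manual review.
function triage(lock, registryTime) {
  return tanstackEntries(lock).map(({ name, version }) => {
    const ts = Object.fromEntries(versionTimes(registryTime, name))[version];
    const status = !ts ? 'unknown' : publishedInWindow(ts) ? 'suspect' : 'ok';
    return { name, version, publishedAt: ts || null, status };
  });
}

// Newest version published before the window: the rollback/pin target.
function lastGoodVersion(name, registryTime) {
  const good = versionTimes(registryTime, name)
    .filter(([, ts]) => Date.parse(ts) < WINDOW_START)
    .sort((a, b) => Date.parse(a[1]) - Date.parse(b[1]));
  return good.length ? good[good.length - 1][0] : null;
}

for (const r of triage(SAMPLE_LOCK, SAMPLE_REGISTRY_TIME)) {
  const hint = r.status === 'suspect' ? ` -> pin ${lastGoodVersion(r.name, SAMPLE_REGISTRY_TIME)}` : '';
  console.log(`${r.name}@${r.version}: ${r.status}${hint}`);
}
```

Run it against a real lockfile by loading `package-lock.json` with `JSON.parse` and fetching each package's registry document for its `time` map. A lockfile is only half the picture: a CI job that resolved a floating range during the window may have installed a malicious version without ever committing it, so the same comparison should be run over install logs from that period.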
Technical Analysis
CVE-2026-45321 is exploitable over the network (AV:N): the malicious versions were served by the npm registry to any host that resolved them, so no physical or adjacent access to a victim is needed.
No privileges are required (PR:N). User interaction (UI:R) is the install or upgrade that pulls in one of the 84 malicious versions; because package managers perform that step automatically for unpinned ranges, the requirement only marginally limits mass exposure.
A successful exploit has high impact on confidentiality (credential theft), integrity (attacker code running in the consuming environment) and availability (C:H/I:H/A:H), for a CVSS base score of 9.6.
Scope is Changed (S:C): the vulnerable component is the npm package, but the impact lands on the developer workstation or CI runner that installs it, including credentials for other systems held there.
CISA has added CVE-2026-45321 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies must remediate within the BOD 22-01 timeframe. For a malicious-package incident, remediation means removing the affected versions and rotating exposed credentials rather than applying a patch; all organizations should treat it as urgent.
CVSS v3.1 Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (base score 9.6)
- AV:N: Attack Vector Network
- AC:L: Attack Complexity Low
- PR:N: Privileges Required None
- UI:R: User Interaction Required
- S:C: Scope Changed
- C:H / I:H / A:H: Confidentiality, Integrity and Availability impact High
Affected Vendors & Products
TanStack: 42 @tanstack/* packages on the npm registry, two malicious versions each (84 in total), published 2026-05-11 between approximately 19:20 and 19:26 UTC.
News & Research Mentioning CVE-2026-45321
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability
- CVE-2026-45321 TanStack Unspecified Vulnerability
- CVE-2026-48027 Nx Console Embedded Malicious Code Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Ex
Source: CISA Alerts
Recommended Actions
- Identify affected installs: compare the @tanstack/* versions in lockfiles, CI install logs and package caches against the versions published 2026-05-11 between approximately 19:20 and 19:26 UTC
- Remove the malicious versions and pin to versions published before that window; there is no code fix to apply, since the affected versions are malicious publishes rather than vulnerable releases
- Rotate any credentials present on developer machines or CI runners that installed a malicious version, since the payload was credential-stealing malware
- Monitor CVE-2026-45321 in threat intel feeds and review detection coverage for installs of the affected versions and for credential exfiltration from build hosts
- Maintainers: audit GitHub Actions workflows for pull_request_target jobs that check out pull-request code, caches shared across the fork/base trust boundary, and jobs granted id-token or write permissions
- CISA KEV: Federal agencies must remediate per the BOD 22-01 timeline
- Active exploitation confirmed; treat as P1