CVE-2026-45321

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

CVSS 9.6 CRITICAL | EPSS 2.3% | KEV | CWE-506
In short

Malicious versions of 42 popular TanStack npm packages were secretly published and contained malware that steals cloud credentials, GitHub tokens, and SSH keys from developers' computers. This is critical because developers using these packages unknowingly installed code that compromised their security credentials.

Technical detail

An attacker exploited a pull_request_target GitHub Actions misconfiguration combined with cache poisoning across fork boundaries to extract the OIDC token from the runner process, then used this legitimate credential to publish malicious package versions to npm. The malware exfiltrates sensitive credentials (cloud keys, GitHub tokens, SSH keys) from the host environment, affecting any developer who installed the compromised versions during the publication window.
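The first link in the chain above is a workflow that runs on pull_request_target (which executes with the base repository's secrets and a write-capable token) and then checks out or caches content controlled by the pull-request author. The following is an added example of a small policy check for that pattern; it is not TanStack's workflow or tooling. The workflow dicts are constructed stand-ins for what PyYAML's safe_load would return (note that YAML parses a bare `on:` key as the boolean True, which the check accounts for).

```python
import re

# Expressions that resolve to the untrusted pull-request head.
HEAD_REF = re.compile(r"github\.event\.pull_request\.head|github\.head_ref")

# Constructed risky workflow (hypothetical, already parsed from YAML):
# pull_request_target + checkout of the PR head + cache write.
RISKY_WORKFLOW = {
    "name": "pr-check",
    True: {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "jobs": {
        "test": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4",
                 "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                {"uses": "actions/cache@v4",
                 "with": {"path": "node_modules",
                          "key": "deps-${{ hashFiles('package-lock.json') }}"}},
                {"run": "npm ci && npm test"},
            ],
        }
    },
}

# Constructed corrected workflow: the untrusted code runs under
# plain pull_request, where fork PRs get no secrets and a read-only token.
SAFE_WORKFLOW = {
    "name": "pr-check",
    True: {"pull_request": {"types": ["opened", "synchronize"]}},
    "jobs": {
        "test": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4"},
                {"uses": "actions/cache@v4",
                 "with": {"path": "node_modules",
                          "key": "deps-${{ hashFiles('package-lock.json') }}"}},
                {"run": "npm ci && npm test"},
            ],
        }
    },
}


def triggers(workflow):
    """Return the set of event names a workflow runs on."""
    on = workflow.get("on", workflow.get(True, {}))  # bare `on` parses as True
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def find_pwn_request_jobs(workflow):
    """Return (job, finding) pairs for jobs that run on pull_request_target and
    then check out the PR head or write a base-scoped cache from it."""
    findings = []
    if "pull_request_target" not in triggers(workflow):
        return findings
    for job, spec in workflow.get("jobs", {}).items():
        checked_out_head = False
        for step in spec.get("steps", []):
            uses = step.get("uses", "")
            params = step.get("with") or {}
            if uses.startswith("actions/checkout"):
                if HEAD_REF.search(str(params.get("ref", ""))):
                    checked_out_head = True
                    findings.append(
                        (job, "checks out untrusted PR head under pull_request_target"))
            elif uses.startswith("actions/cache") and checked_out_head:
                # A cache saved here lands in the base branch's scope, where a
                # later trusted workflow (e.g. the publish job) may restore it.
                findings.append(
                    (job, "saves a base-scoped cache built from untrusted checkout"))
    return findings


if __name__ == "__main__":
    for wf in (RISKY_WORKFLOW, SAFE_WORKFLOW):
        print(wf["name"], find_pwn_request_jobs(wf))
```

The check is deliberately narrow: it reports only the combination that makes the trigger dangerous, not every use of pull_request_target. The corrected workflow illustrates the usual fix, running fork-supplied code under pull_request, so that no secrets, write token or base-scoped cache are reachable from it.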

Summary generated and translated by AI from the official description.
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
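Because the malicious publishes were authenticated with the project's own trusted-publisher identity, package signatures and provenance do not separate them from good releases; the distinguishing signal is the publication timestamp, which the npm registry records per version in the `time` map of a package's metadata document. The script below is an added example, not tooling from the advisory or from TanStack: it reads an npm lockfile, collects every installed @tanstack/* version, and flags any whose registry publish time falls inside the 2026-05-11 19:20 to 19:26 UTC window. The lockfile and the registry `time` map are constructed inline with placeholder package names and versions; a real check would fetch `https://registry.npmjs.org/<name>` for each package.

```python
import json
from datetime import datetime, timezone

# Publication window stated in the advisory (UTC).
WINDOW_START = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)
SCOPE = "@tanstack/"

# Constructed lockfile (npm lockfileVersion 3 shape). Names and versions
# are placeholders, not the real affected list.
LOCKFILE_JSON = """{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/@tanstack/example-router": {"version": "1.99.1"},
    "node_modules/some-lib": {"version": "2.0.0"},
    "node_modules/some-lib/node_modules/@tanstack/example-query": {"version": "5.40.0"},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}"""

# Constructed stand-in for each package's registry "time" map
# (the real document also carries "created" and "modified" keys).
REGISTRY_TIME = {
    "@tanstack/example-router": {
        "created": "2024-01-01T00:00:00.000Z",
        "modified": "2026-05-11T19:24:02.118Z",
        "1.99.0": "2026-05-09T10:00:00.000Z",
        "1.99.1": "2026-05-11T19:21:37.412Z",
        "1.99.2": "2026-05-11T19:24:02.118Z",
    },
    "@tanstack/example-query": {
        "created": "2024-01-01T00:00:00.000Z",
        "modified": "2026-04-30T08:15:00.000Z",
        "5.40.0": "2026-04-30T08:15:00.000Z",
    },
}


def parse_npm_time(iso):
    """Parse the registry's ISO-8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def installed_scoped_packages(lockfile_json, scope=SCOPE):
    """Map package name -> installed version for every package in `scope`,
    including nested installs under another dependency's node_modules."""
    lock = json.loads(lockfile_json)
    found = {}
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # root project entry
        name = path.split("node_modules/")[-1]
        if name.startswith(scope):
            found[name] = entry["version"]
    return found


def versions_in_window(time_map, start=WINDOW_START, end=WINDOW_END):
    """Versions whose publish time lies within [start, end]."""
    return sorted(
        v for v, t in time_map.items()
        if v not in ("created", "modified") and start <= parse_npm_time(t) <= end
    )


def flag_installs(lockfile_json, registry_time):
    """Return (name, version) for installed scoped packages published in the window."""
    flagged = []
    for name, version in installed_scoped_packages(lockfile_json).items():
        if version in versions_in_window(registry_time.get(name, {})):
            flagged.append((name, version))
    return flagged


if __name__ == "__main__":
    for name, version in flag_installs(LOCKFILE_JSON, REGISTRY_TIME):
        print(f"installed version published in incident window: {name}@{version}")
```

Run against a real project, the registry lookup replaces REGISTRY_TIME, and any hit means the host that ran `npm install` with that lockfile should be treated as having had its cloud credentials, GitHub tokens and SSH keys exposed. The two-versions-per-package pattern the advisory describes shows up directly in versions_in_window, which returns both placeholder versions for the constructed router package.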
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H