CVE-2026-45321: Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
(updated )
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target “Pwn Request” misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity.
Each affected package received exactly two malicious versions, published a few minutes apart.
References
- github.com/TanStack/router/issues/7383
- github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx
- github.com/advisories/GHSA-g7cv-rxg3-hmpx
- nvd.nist.gov/vuln/detail/CVE-2026-45321
- socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
- tanstack.com/blog/npm-supply-chain-compromise-postmortem
- www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
Code Behaviors & Features
Detect and mitigate CVE-2026-45321 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →