PT-2026-39905 · Npm · @Tanstack/*
Ashishkurmi
·
Published
2026-05-12
·
Updated
2026-06-17
·
CVE-2026-45321
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TanStack (affected versions not specified)
Description
A supply chain attack involving a self-propagating worm known as Mini Shai-Hulud allowed the publication of malicious versions of 42 @tanstack/* packages to the npm registry. The attacker exploited a chain of three issues: a pull_request_target workflow misconfiguration, GitHub Actions cache poisoning across the fork-base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process. This enabled the publication of malware under a trusted identity with valid SLSA Build Level 3 provenance attestations.

The malware uses an obfuscated JavaScript file named router init.js to harvest sensitive data, including AWS, GCP, and Kubernetes credentials, GitHub and npm tokens, SSH private keys, and crypto wallets. Stolen data is exfiltrated via the Session/Oxen messenger network using endpoints such as 'filev2.getsession.org'. The worm is self-propagating: it uses stolen credentials to compromise other packages maintained by the victim. It also establishes persistence through a gh-token-monitor daemon and through injections into VS Code and Claude Code settings.

Real-world impacts include the compromise of tens of thousands of systems, with confirmed victims such as OpenAI (stolen code-signing certificates), Mistral AI (SDK contamination), and GitHub (breach of 3,800 internal repositories).
Recommendations
Update to the patched version for each affected package and reinstall from a clean lockfile.
Pin @tanstack/* dependencies to known-good versions published before 2026-05-11 19:00 UTC.
Delete node_modules and the lockfile before reinstalling to prevent transitive dependency resolution to malicious versions.
Configure npm to skip lifecycle scripts with npm config set ignore-scripts true as a temporary defense.
Remove gh-token-monitor daemons and rotate all credentials accessible to the install process if a compromise is suspected.
Monitor CI runners for DNS queries to 'getsession.org'.
Exploit
Fix
RCE
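To act on the pinning recommendation above without a published list of affected versions, the following added example (not part of this advisory) audits a package-lock.json against the 2026-05-11 19:00 UTC cutoff. It assumes registry publish times in the shape of the 'time' object returned by npm view <pkg> time --json; the lockfile and timestamps embedded here are constructed samples, not real releases.

```python
from datetime import datetime, timezone

# Cutoff from the advisory: pin to versions published before 2026-05-11 19:00 UTC.
CUTOFF = datetime(2026, 5, 11, 19, 0, tzinfo=timezone.utc)

def tanstack_packages(lock: dict) -> dict:
    """Return {name: version} for every @tanstack/* entry in a lockfileVersion 2/3 package-lock.json."""
    found = {}
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        # Paths look like "node_modules/@tanstack/react-query" (possibly nested deeper).
        name = path.split("node_modules/")[-1]
        if name.startswith("@tanstack/") and "version" in meta:
            found[name] = meta["version"]
    return found

def published_after_cutoff(version: str, time_map: dict, cutoff: datetime = CUTOFF) -> bool:
    """time_map is the registry's 'time' object mapping version -> ISO 8601 publish timestamp."""
    stamp = time_map.get(version)
    if stamp is None:
        return True  # unknown publish time: treat as untrusted rather than silently pass
    published = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return published >= cutoff

def audit(lock: dict, registry_times: dict) -> list:
    """Return 'name@version' for each locked @tanstack/* package that fails the cutoff check."""
    flagged = []
    for name, version in tanstack_packages(lock).items():
        if published_after_cutoff(version, registry_times.get(name, {})):
            flagged.append(f"{name}@{version}")
    return sorted(flagged)

# Constructed sample lockfile and registry 'time' data (not real versions or timestamps).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/@tanstack/react-query": {"version": "5.0.1"},
        "node_modules/@tanstack/query-core": {"version": "5.0.2"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_TIMES = {
    "@tanstack/react-query": {"5.0.1": "2026-05-01T10:00:00.000Z"},
    "@tanstack/query-core": {"5.0.2": "2026-05-11T19:30:00.000Z"},
}

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK, SAMPLE_TIMES))  # ['@tanstack/query-core@5.0.2']
```

A version with no registry timestamp is flagged on purpose, so a package whose metadata could not be fetched still shows up for manual review.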
Affected Products
@Tanstack/*