PT-2026-39905 · @Tanstack · Arktype-Adapter+41
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-45321
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull request target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arktype-Adapter
Eslint-Plugin-Router
Eslint-Plugin-Start
History
Nitro-V2-Vite-Plugin
Outer-Vite-Plugin
React Router
React-Router-Devtools
React-Router-Ssr-Query
React-Start
React-Start-Client
React-Start-Rsc
React-Start-Server
Router-Cli
Router-Core
Router-Devtools
Router-Devtools-Core
Router-Generator
Router-Plugin
Router-Ssr-Query-Core
Router-Utils
Solid-Router
Solid-Router-Devtools
Solid-Router-Ssr-Query
Solid-Start
Solid-Start-Client
Solid-Start-Server
Start-Client-Core
Start-Fn-Stubs
Start-Plugin-Core
Start-Server-Core
Start-Static-Server-Functions
Start-Storage-Context
Valibot-Adapter
Virtual-File-Routes
Vue-Router
Vue-Router-Devtools
Vue-Router-Ssr-Query
Vue-Start
Vue-Start-Client
Vue-Start-Server
Zod-Adapter