PT-2026-39905 · npm · @tanstack/*

Ashishkurmi · Published 2026-05-12 · Updated 2026-06-17 · CVE-2026-45321

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TanStack (affected versions not specified)
Description: A supply chain attack involving a self-propagating worm known as Mini Shai-Hulud allowed the publication of malicious versions of 42 @tanstack/* packages to the npm registry. The attacker exploited a chain of three issues: a pull request target misconfiguration, GitHub Actions cache poisoning across the fork-base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process. This enabled the publication of malware under a trusted identity with valid SLSA Build Level 3 provenance attestations.
The malware uses an obfuscated JavaScript file named router init.js to harvest sensitive data, including AWS, GCP, and Kubernetes credentials, GitHub and npm tokens, SSH private keys, and crypto wallets. Stolen data is exfiltrated via the Session/Oxen messenger network using endpoints such as 'filev2.getsession.org'. The worm is self-propagating, using stolen credentials to compromise other packages maintained by the victim. It also establishes persistence through a gh-token-monitor daemon and injections into VS Code and Claude Code settings.
Real-world impacts include the compromise of tens of thousands of systems, with confirmed victims such as OpenAI (stolen code-signing certificates), Mistral AI (SDK contamination), and GitHub (breach of 3,800 internal repositories).
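The description names two observable traces of an infected runner: DNS lookups for the Session/Oxen endpoint domain and a resident gh-token-monitor process. The following script, an added example that is not part of the advisory and not code from the TanStack project, runs both checks over constructed sample data: dnsmasq-style resolver log lines and a ps-style process listing. The log format, client addresses, process IDs and the daemon's script path are assumptions made for the example; only the domain 'getsession.org' and the daemon name 'gh-token-monitor' come from the advisory.

```python
import re

# Constructed sample input (not from the advisory): resolver log lines in a
# dnsmasq-style "query[TYPE] name from client" format, as a CI runner might log.
SAMPLE_DNS_LOG = """\
May 12 03:14:07 runner-7 dnsmasq[812]: query[A] registry.npmjs.org from 10.0.3.21
May 12 03:14:09 runner-7 dnsmasq[812]: query[A] filev2.getsession.org from 10.0.3.21
May 12 03:14:09 runner-7 dnsmasq[812]: query[AAAA] filev2.getsession.org from 10.0.3.21
May 12 03:15:41 runner-7 dnsmasq[812]: query[A] github.com from 10.0.3.21
May 12 03:16:02 runner-7 dnsmasq[812]: query[A] safe-getsession.org.test from 10.0.3.22
"""

# Constructed sample input: a `ps ax`-style listing. The script path is a
# placeholder; the advisory names only the daemon ("gh-token-monitor").
SAMPLE_PS = """\
  PID TTY      STAT   TIME COMMAND
  812 ?        Ss     0:01 /usr/sbin/dnsmasq
 4410 ?        S      0:00 node /home/runner/.config/gh-token-monitor/index.js
 4411 ?        S      0:00 node /home/runner/work/app/node_modules/.bin/vite build
"""

# Domain the advisory associates with exfiltration over the Session/Oxen network.
WATCHED_DOMAINS = ("getsession.org",)

DNS_QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")
PS_LINE_RE = re.compile(r"^\s*(?P<pid>\d+)\s+\S+\s+\S+\s+\S+\s+(?P<cmd>.*)$")


def is_watched_domain(name, watched=WATCHED_DOMAINS):
    """Exact or subdomain match only, so 'safe-getsession.org.test' is not flagged."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watched)


def flag_dns_queries(log_text, watched=WATCHED_DOMAINS):
    """Return (client, qtype, name) for every query that targets a watched domain."""
    hits = []
    for line in log_text.splitlines():
        m = DNS_QUERY_RE.search(line)
        if m and is_watched_domain(m["name"], watched):
            hits.append((m["client"], m["qtype"], m["name"]))
    return hits


def find_token_monitor(ps_text, marker="gh-token-monitor"):
    """Return PIDs of processes whose command line mentions the persistence daemon."""
    pids = []
    for line in ps_text.splitlines():
        m = PS_LINE_RE.match(line)
        if m and marker in m["cmd"]:
            pids.append(int(m["pid"]))
    return pids


if __name__ == "__main__":
    for client, qtype, name in flag_dns_queries(SAMPLE_DNS_LOG):
        print(f"ALERT dns: {client} queried {name} ({qtype})")
    for pid in find_token_monitor(SAMPLE_PS):
        print(f"ALERT process: pid {pid} matches the gh-token-monitor daemon")
```

The domain check matches the watched zone and its subdomains only; a plain substring test would also fire on unrelated names that happen to contain 'getsession.org', which is why the sample log includes one such decoy. On a real runner, feed the script the resolver log and the output of `ps ax` in place of the constructed samples.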
Recommendations: Update to the patched version for each affected package and reinstall from a clean lockfile. Pin @tanstack/* dependencies to known-good versions published before 2026-05-11 19:00 UTC. Delete the node_modules directory and the lockfile before reinstalling to prevent transitive dependency resolution to malicious versions. Configure npm to skip lifecycle scripts by using npm config set ignore-scripts true as a temporary defense. Remove gh-token-monitor daemons and rotate all credentials accessible to the install process if a compromise is suspected. Monitor CI runners for DNS queries to 'getsession.org'.
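The pinning step above needs a way to find which installed @tanstack/* versions were published after the 2026-05-11 19:00 UTC cut-off, including copies nested under other dependencies. The script below is an added example, not the advisory's or the TanStack project's code: it reads the "packages" map of a lockfileVersion 2/3 package-lock.json, compares each scoped package's pinned version against the publish timestamps that `npm view <name> time --json` returns, and proposes the newest stable version published before the cut-off. The lockfile, the version numbers and the timestamps are constructed placeholders; they are not the real affected or patched releases.

```python
import json
import re
from datetime import datetime, timezone

# Cut-off from the advisory: pin to versions published before 2026-05-11 19:00 UTC.
CUTOFF = datetime(2026, 5, 11, 19, 0, tzinfo=timezone.utc)
SCOPE = "@tanstack/"

# Constructed sample package-lock.json (lockfileVersion 3 "packages" layout).
# Versions are placeholders, not the real affected or patched releases.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@tanstack/react-query": {"version": "5.99.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/@tanstack/query-core": {"version": "5.98.0"},
    },
})

# Constructed stand-in for `npm view <name> time --json`, which maps each
# published version (plus "created"/"modified") to its publish timestamp.
SAMPLE_PUBLISH_TIMES = {
    "@tanstack/react-query": {
        "created": "2023-01-01T00:00:00.000Z",
        "modified": "2026-05-11T21:30:00.000Z",
        "5.98.0": "2026-05-01T10:00:00.000Z",
        "5.99.0": "2026-05-11T21:30:00.000Z",
    },
    "@tanstack/query-core": {
        "created": "2023-01-01T00:00:00.000Z",
        "modified": "2026-05-01T10:00:00.000Z",
        "5.98.0": "2026-05-01T10:00:00.000Z",
    },
}

SEMVER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_npm_time(ts):
    """Parse the registry's ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def scoped_packages(lockfile_text, scope=SCOPE):
    """Map every installed package under `scope` (nested copies included) to its version."""
    lock = json.loads(lockfile_text)
    found = {}
    for path, entry in lock.get("packages", {}).items():
        # The package name is whatever follows the last "node_modules/" segment.
        name = path.rsplit("node_modules/", 1)[-1]
        if name.startswith(scope) and "version" in entry:
            found[name] = entry["version"]
    return found


def audit(lockfile_text, publish_times, cutoff=CUTOFF):
    """Flag scoped packages whose pinned version was published at or after the cut-off."""
    flagged = []
    for name, version in scoped_packages(lockfile_text).items():
        published = publish_times.get(name, {}).get(version)
        if published is None:
            flagged.append((name, version, "no publish record"))
        elif parse_npm_time(published) >= cutoff:
            flagged.append((name, version, published))
    return flagged


def latest_safe_version(name, publish_times, cutoff=CUTOFF):
    """Highest stable (x.y.z) version of `name` published before the cut-off, or None."""
    candidates = []
    for version, ts in publish_times.get(name, {}).items():
        m = SEMVER_RE.match(version)  # skips "created"/"modified" and prereleases
        if m and parse_npm_time(ts) < cutoff:
            candidates.append((tuple(int(x) for x in m.groups()), version))
    return max(candidates)[1] if candidates else None


if __name__ == "__main__":
    for name, version, why in audit(SAMPLE_LOCKFILE, SAMPLE_PUBLISH_TIMES):
        safe = latest_safe_version(name, SAMPLE_PUBLISH_TIMES)
        print(f"{name}@{version}: published {why}; pin to {safe or 'a manually verified version'}")
```

To run it against a real project, replace SAMPLE_LOCKFILE with the contents of package-lock.json and populate the publish-time map from `npm view <name> time --json` for each flagged package; then apply the rest of the procedure as written above (remove node_modules and the lockfile, set ignore-scripts, reinstall from the corrected pins). A version with no publish record is reported rather than silently accepted, since a version the registry does not list should be treated as suspect.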

Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

BDU:2026-06725
CVE-2026-45321
GHSA-G7CV-RXG3-HMPX

Affected Products

@tanstack/*