CVE-2026-45321
Published: 12 May 2026
Summary
CVE-2026-45321 is a critical-severity Embedded Malicious Code (CWE-506) vulnerability in Beproduct Beproduct\/Nestjs-Auth. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001); ranked in the top 18.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-12 (Supply Chain Protection) and SR-3 (Supply Chain Controls and Processes).
Deeper analysis
CVE-2026-45321 is a supply-chain compromise in which 84 malicious versions of 42 @tanstack/* packages were published to the npm registry on 2026-05-11. The packages were signed with a legitimate GitHub Actions OIDC token belonging to the TanStack/router repository, allowing the malicious code (CWE-506) to appear under a trusted publisher identity. The affected component is the TanStack npm publication workflow and its downstream consumers.
An attacker with the ability to open pull requests against the TanStack/router repository could exploit a pull_request_target misconfiguration combined with GitHub Actions cache poisoning across the fork-to-base boundary. By extracting the OIDC token from runner memory, the attacker obtained the rights to publish credential-stealing malware in two versions of each targeted package within a six-minute window, achieving arbitrary code execution on any system that installed the tainted releases.
The GitHub security advisory, TanStack postmortem, and CISA Known Exploited Vulnerabilities catalog document the incident and list the compromised package versions. The current and peak EPSS score of 0.1705 indicates sustained but not sharply increasing exploitation interest after disclosure.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29352
Vulnerability details
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself…
more
was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
- CWE(s)
- KEV Date Added
- 27 May 2026
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct supply-chain compromise of npm packages via poisoned CI/CD publish workflow and stolen OIDC token.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires organizations to implement supply-chain controls and processes that would have blocked the unauthorized use of the TanStack/router OIDC token to publish malicious @tanstack/* packages.
Mandates supply-chain protection measures that directly address the GitHub Actions cache-poisoning and OIDC-token-exfiltration path used to compromise the npm publication workflow.
Enforces access restrictions for changes to the publish workflow and repository settings, limiting the impact of the pull_request_target misconfiguration that enabled the attack.