
CVE-2026-45321

Tags: Critical · CISA KEV · Active Exploitation · Public PoC · Ransomware-linked · RCE

Published: 12 May 2026
Modified: 29 May 2026
KEV Added: 27 May 2026
Patch
CVSS v3.1: 9.6 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.0234 (81.5th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2026-45321 is a critical-severity Embedded Malicious Code (CWE-506) vulnerability with a CVSS v3.1 base score of 9.6 (Critical). The product metadata on this page names the affected software as Beproduct Beproduct/Nestjs-Auth, whereas the analysis and affected-assets sections below attribute the compromise to the @tanstack/* npm packages published from the TanStack/router repository; the two records have not been reconciled on this page.

Operationally, exploitation maps to the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001). The CVE ranks in the top 18.5% of CVEs by exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations identified are NIST SP 800-53 SA-12 (Supply Chain Protection) and SR-3 (Supply Chain Controls and Processes). In Revision 5 SA-12 is withdrawn and its requirements are folded into the SR family, so SR-3 is the control to cite against a Rev. 5 baseline.

Deeper analysis

CVE-2026-45321 is a software supply-chain compromise: on 2026-05-11, 84 malicious versions of 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated with a legitimate GitHub Actions OIDC token belonging to the TanStack/router repository, so the malicious code (CWE-506) appeared under a trusted publisher identity. The affected component is the TanStack npm publication workflow; every downstream project that installed a tainted version is affected in turn.

The attacker needed nothing more than the ability to open a pull request against TanStack/router. The chain was a pull_request_target misconfiguration (pull-request code executed with the base repository's permissions), GitHub Actions cache poisoning across the fork-to-base trust boundary, and extraction of the OIDC token from the runner process's memory. That token conferred the right to publish as TanStack, and the attacker used it to push credential-stealing malware in two versions of each targeted package within a six-minute window, achieving arbitrary code execution on any system that installed the tainted releases.

The GitHub security advisory, the TanStack postmortem and the CISA Known Exploited Vulnerabilities entry document the incident and list the compromised package versions. This analysis records an EPSS score of 0.1705 as both the current and the peak value, meaning the estimated exploitation probability has held at its high since disclosure rather than decaying; the header of this page shows 0.0234 (81.5th percentile) instead, so the EPSS figure should be re-checked against FIRST before it is used for prioritisation.

Vulnerability details

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes: a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process. The result was credential-stealing malware published under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
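The first link in the chain is a workflow configuration defect, so it is worth having a check that finds the "Pwn Request" shape before an attacker does. The script below is an added example, not TanStack's workflow or tooling: the three workflow texts are constructed for illustration, and the scan is a regex heuristic rather than a YAML parse so it runs with no dependencies. It flags a pull_request_target workflow that checks out the pull request head, and also reports two amplifiers the page describes: cache use in such a run (caches written there are scoped to the base branch and can be restored by later trusted runs) and an OIDC token being minted in it.

```python
"""Heuristic audit for the GitHub Actions "Pwn Request" pattern.

Added example; not TanStack's workflow or tooling.  The workflow texts below are
constructed for illustration.  Regex-based triage filter, not a complete linter.
"""
import re

COMMENT_RE = re.compile(r"#.*$", re.M)
# The trigger that runs fork-submitted PRs with the base repository's secrets and OIDC identity.
TRIGGER_RE = re.compile(r"\bpull_request_target\b")
# A checkout pinned to the PR head: code the fork author controls.
HEAD_REF_RE = re.compile(
    r"\bref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")
# Cache writes from such a run land in the base branch's cache scope, which later
# trusted runs on that branch restore (the fork-to-base cache-poisoning path).
CACHE_RE = re.compile(r"\b(actions/cache|cache:\s*['\"]?(npm|pnpm|yarn))\b")
# Minting an OIDC token in a run that fork code can influence exposes the publisher identity.
ID_TOKEN_RE = re.compile(r"\bid-token:\s*write\b")


def audit_workflow(text: str) -> list:
    """Return finding strings for one workflow file; an empty list means no hit."""
    body = COMMENT_RE.sub("", text)
    findings = []
    if not TRIGGER_RE.search(body):
        # Plain pull_request runs in the fork's context with a read-only token and
        # no secrets, so checking out the head is safe there.
        return findings
    if HEAD_REF_RE.search(body):
        findings.append("pwn-request: pull_request_target checks out the PR head, "
                        "so fork-controlled code runs with base-repository secrets")
    if CACHE_RE.search(body):
        findings.append("cache-poisoning: the run can write caches in the base "
                        "branch's scope that later trusted runs will restore")
    if ID_TOKEN_RE.search(body):
        findings.append("oidc-exposure: id-token: write mints a publisher OIDC token "
                        "inside a run that fork code can influence")
    return findings


# Constructed: the weak shape.  Fork code runs with secrets, caches, and an OIDC token.
VULNERABLE_WORKFLOW = """
name: ci
on: pull_request_target
permissions:
  contents: read
  id-token: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@v4
        with:
          cache: npm
      - run: npm ci && npm test   # executes fork-controlled package.json scripts
"""

# Constructed: hardened.  pull_request gives fork PRs no secrets and a read-only GITHUB_TOKEN.
HARDENED_WORKFLOW = """
name: ci
on: pull_request
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci && npm test
"""

# Constructed: pull_request_target used as intended, running base-branch code only.
SAFE_TARGET_WORKFLOW = """
name: label
on: pull_request_target
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/label-pr.sh
"""

if __name__ == "__main__":
    for name, text in [("vulnerable", VULNERABLE_WORKFLOW),
                       ("hardened", HARDENED_WORKFLOW),
                       ("safe-target", SAFE_TARGET_WORKFLOW)]:
        print(name, audit_workflow(text) or ["clean"])
```

Run it over every file under .github/workflows/ in repositories that publish packages. The third sample shows why the trigger alone is not the finding: pull_request_target is legitimate when the job only runs base-branch code and holds no publishing credentials; it becomes the attack described above the moment fork-controlled code, a writable cache, or an OIDC token is added to the same run.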

CWE(s): CWE-506 Embedded Malicious Code

Related Threats

MITRE ATT&CK Enterprise Techniques

T1195.001 Compromise Software Dependencies and Development Tools (Initial Access)
  Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
T1195.002 Compromise Software Supply Chain (Initial Access)
  Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

Direct supply-chain compromise of npm packages via poisoned CI/CD publish workflow and stolen OIDC token.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33634 · shared CWE-506 · both on KEV
CVE-2026-8398 · shared CWE-506 · both on KEV
CVE-2025-59374 · shared CWE-506 · both on KEV
CVE-2026-48027 · shared CWE-506 · both on KEV
CVE-2025-30066 · shared CWE-506 · both on KEV
CVE-2025-30154 · shared CWE-506 · both on KEV
CVE-2025-54313 · shared CWE-506 · both on KEV
CVE-2024-13638 · same product class: WordPress / CMS plugin
CVE-2024-12267 · same product class: WordPress / CMS plugin
CVE-2024-8425 · same product class: WordPress / CMS plugin

Affected Assets

Package (vendor: tanstack): malicious versions
@tanstack/arktype-adapter: 1.166.12, 1.166.15
@tanstack/eslint-plugin-router: 1.161.9, 1.161.12
@tanstack/eslint-plugin-start: 0.0.4, 0.0.7
@tanstack/history: 1.161.9, 1.161.12
@tanstack/nitro-v2-vite-plugin: 1.154.12, 1.154.15
@tanstack/react-router: 1.169.5, 1.169.8
@tanstack/react-router-devtools: 1.166.16, 1.166.19
@tanstack/react-router-ssr-query: 1.166.15, 1.166.18
@tanstack/react-start: 1.167.68, 1.167.71
@tanstack/react-start-client: 1.166.51, 1.166.54
+161 more product configuration(s) — see NVD for full list
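For the downstream side of the incident, the practical question is whether any project lockfile pins one of the versions above. The script below is an added example, not TanStack or npm tooling: its blocklist is the ten packages listed on this page (the page defers to NVD for the remainder, so extend the table from there), and both lockfiles are constructed. It walks npm lockfile v2/v3 (flat "packages" map keyed by node_modules path) and v1 (nested "dependencies" tree), including nested copies of a package hoisted under another dependency, which a grep for the top-level entry would miss.

```python
"""Scan an npm package-lock.json for the @tanstack/* versions listed on this page.

Added example; not TanStack or npm tooling.  The blocklist is the ten packages
shown in Affected Assets above (the full list is deferred to NVD); the lockfiles
at the bottom are constructed test inputs.
"""
import json

TAINTED = {
    "@tanstack/arktype-adapter": {"1.166.12", "1.166.15"},
    "@tanstack/eslint-plugin-router": {"1.161.9", "1.161.12"},
    "@tanstack/eslint-plugin-start": {"0.0.4", "0.0.7"},
    "@tanstack/history": {"1.161.9", "1.161.12"},
    "@tanstack/nitro-v2-vite-plugin": {"1.154.12", "1.154.15"},
    "@tanstack/react-router": {"1.169.5", "1.169.8"},
    "@tanstack/react-router-devtools": {"1.166.16", "1.166.19"},
    "@tanstack/react-router-ssr-query": {"1.166.15", "1.166.18"},
    "@tanstack/react-start": {"1.167.68", "1.167.71"},
    "@tanstack/react-start-client": {"1.166.51", "1.166.54"},
}


def package_name(path: str) -> str:
    """Map a lockfile path to the package name it installs.

    'node_modules/a/node_modules/@scope/b' -> '@scope/b' (nested copies included).
    """
    return path.rsplit("node_modules/", 1)[-1]


def iter_installed(lock: dict):
    """Yield (name, version) for every package in a lockfile v1, v2 or v3."""
    packages = lock.get("packages")
    if packages:
        # v2/v3: flat map keyed by node_modules path; "" is the root project itself.
        for path, meta in packages.items():
            if path and "version" in meta:
                yield package_name(path), meta["version"]
        return
    # v1: nested tree under "dependencies".
    stack = [lock.get("dependencies", {})]
    while stack:
        deps = stack.pop()
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            if "dependencies" in meta:
                stack.append(meta["dependencies"])


def find_tainted(lock: dict, blocklist=TAINTED) -> list:
    """Return sorted (name, version) pairs from the lockfile that are on the blocklist."""
    hits = {(n, v) for n, v in iter_installed(lock) if v in blocklist.get(n, ())}
    return sorted(hits)


def scan_file(path: str, blocklist=TAINTED) -> list:
    with open(path, encoding="utf-8") as fh:
        return find_tainted(json.load(fh), blocklist)


# Constructed v3 lockfile: one direct hit, one clean version of a listed package,
# and a tainted nested copy hoisted under an unrelated dependency.
SAMPLE_LOCK = json.loads("""
{
  "name": "app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/@tanstack/react-router": {"version": "1.169.8"},
    "node_modules/@tanstack/history": {"version": "1.161.10"},
    "node_modules/some-lib": {"version": "2.0.0"},
    "node_modules/some-lib/node_modules/@tanstack/history": {"version": "1.161.12"}
  }
}
""")

# Constructed v1 lockfile: clean parent, tainted transitive dependency.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "@tanstack/react-start": {
            "version": "1.167.70",
            "dependencies": {"@tanstack/react-start-client": {"version": "1.166.51"}},
        }
    },
}

if __name__ == "__main__":
    for label, lock in [("v3", SAMPLE_LOCK), ("v1", SAMPLE_LOCK_V1)]:
        print(label, find_tainted(lock) or "clean")
```

A clean lockfile is necessary but not sufficient: a host that ran an unpinned install during the 19:20 to 19:26 UTC window on 2026-05-11 may have executed the malware without the version ever being committed, so pair this check with a review of CI and developer machines that installed in that window, and rotate any credentials those hosts held.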

Mitigating Controls (NIST 800-53 r5)

SR-3 Supply Chain Controls and Processes (prevent)
Requires organizations to implement supply-chain controls and processes that would have blocked the unauthorized use of the TanStack/router OIDC token to publish malicious @tanstack/* packages.

SA-12 Supply Chain Protection (prevent)
Mandates supply-chain protection measures that directly address the GitHub Actions cache-poisoning and OIDC-token-exfiltration path used to compromise the npm publication workflow. In Revision 5 SA-12 is withdrawn and incorporated into the SR family, so map this requirement to SR-3 against a Rev. 5 baseline.

Access restrictions for change (prevent; control identifier not shown on this page)
Enforces access restrictions for changes to the publish workflow and repository settings, limiting the impact of the pull_request_target misconfiguration that enabled the attack.
