Security Vulnerability Report
CVE-2026-45321 CVSS 9.6 CRITICAL

CVE-2026-45321

Published: 2026-05-12 01:16:47
Last Modified: 2026-05-12 01:16:47

Description

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

CVSS Details

CVSS Score
9.6
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

@tanstack/* packages published between 2026-05-11 19:20 - 19:26 UTC

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Conceptual PoC: Detection script for suspicious TanStack package versions
# Check if any @tanstack package was installed during the attack window
# (2026-05-11 19:20 - 19:26 UTC)
import json
import sys
from datetime import datetime, timezone


def check_package_lock(file_path):
    # Window bounds from the advisory (kept for reference; the simplified
    # check below flags every @tanstack entry rather than comparing times)
    attack_start = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
    attack_end = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)
    try:
        with open(file_path, 'r') as f:
            data = json.load(f)
        print(f"[*] Analyzing {file_path}...")
        # Simplified logic for package-lock.json structure (lockfileVersion 2/3)
        if 'packages' in data:
            for path, details in data['packages'].items():
                if '@tanstack' in path:
                    # In a real scenario, check the 'integrity' hash or version publication time
                    # Here we just flag the presence of the package for manual review
                    print(f"[!] Suspicious package found: {path}")
                    print(f"    Version: {details.get('version', 'unknown')}")
                    print(f"    Action: Verify this version against official advisories.")
    except FileNotFoundError:
        print("Error: File not found.")
    except Exception as e:
        print(f"Error parsing JSON: {e}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        check_package_lock(sys.argv[1])
    else:
        print("Usage: python3 check_tanstack.py package-lock.json")
```
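The script above only flags that an @tanstack package is present. The check a responder actually wants is whether the installed version was published inside the 19:20-19:26 UTC window, and whether the package shows the advisory's pattern of two versions published minutes apart. The following is an added example (not code from the CVE record or from the TanStack project): it reads the per-version publish timestamps in the shape the npm registry returns from `npm view <pkg> time --json`, compares them with the window, and reports paired publishes. The package names, versions and lockfile contents are constructed placeholders, not real affected versions.

```python
# Added example: flag installed @tanstack/* versions whose npm publish time falls
# inside the attack window, and packages that received two versions minutes apart
# within it. Registry 'time' maps mirror `npm view <pkg> time --json` output.
# All package names, versions and timestamps below are constructed placeholders.
import json
from datetime import datetime, timedelta, timezone

ATTACK_START = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
ATTACK_END = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)

# Constructed package-lock.json (lockfileVersion 3 layout).
LOCKFILE = json.loads("""
{
  "name": "example-app", "lockfileVersion": 3, "packages": {
    "": {"name": "example-app"},
    "node_modules/@tanstack/example-a": {"version": "1.2.4"},
    "node_modules/@tanstack/example-b": {"version": "2.0.0"},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}
""")

# Constructed registry metadata: version -> publish time (ISO 8601, 'Z' suffix),
# plus the 'created'/'modified' keys the registry includes in the same map.
REGISTRY_TIMES = {
    "@tanstack/example-a": {
        "created": "2025-01-10T10:00:00.000Z",
        "modified": "2026-05-11T19:24:30.000Z",
        "1.2.3": "2026-04-30T08:15:00.000Z",
        "1.2.4": "2026-05-11T19:21:05.000Z",  # inside the window
        "1.2.5": "2026-05-11T19:24:30.000Z",  # inside the window, ~3 min later
    },
    "@tanstack/example-b": {
        "created": "2025-03-01T09:00:00.000Z",
        "modified": "2026-05-01T12:00:00.000Z",
        "2.0.0": "2026-05-01T12:00:00.000Z",
    },
}


def parse_npm_time(value):
    """npm timestamps end in 'Z'; give fromisoformat an explicit UTC offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def versions_in_window(time_map, start=ATTACK_START, end=ATTACK_END):
    """Return [(version, publish_time)] for versions published inside [start, end]."""
    hits = []
    for key, stamp in time_map.items():
        if key in ("created", "modified"):
            continue
        published = parse_npm_time(stamp)
        if start <= published <= end:
            hits.append((key, published))
    return sorted(hits, key=lambda h: h[1])


def paired_publishes(hits, max_gap=timedelta(minutes=10)):
    """True when two in-window versions were published within max_gap of each
    other, the pattern the advisory describes (two malicious versions per package)."""
    return any(b[1] - a[1] <= max_gap for a, b in zip(hits, hits[1:]))


def installed_tanstack(lock):
    """Map package name -> installed version from a lockfileVersion 2/3 'packages' map."""
    found = {}
    marker = "node_modules/@tanstack/"
    for path, details in lock.get("packages", {}).items():
        if marker in path:
            # rsplit handles nested installs such as node_modules/x/node_modules/@tanstack/y
            found["@tanstack/" + path.rsplit(marker, 1)[1]] = details.get("version")
    return found


def audit(lock, registry_times):
    """Return one finding per installed @tanstack package that has an in-window version."""
    findings = []
    for name, installed in installed_tanstack(lock).items():
        hits = versions_in_window(registry_times.get(name, {}))
        if not hits:
            continue
        bad_versions = [v for v, _ in hits]
        findings.append({
            "package": name,
            "installed": installed,
            "installed_in_window": installed in bad_versions,
            "window_versions": bad_versions,
            "paired_publish": paired_publishes(hits),
        })
    return findings


if __name__ == "__main__":
    for f in audit(LOCKFILE, REGISTRY_TIMES):
        state = "INSTALLED" if f["installed_in_window"] else "not installed"
        print(f"[!] {f['package']}: in-window versions {f['window_versions']} "
              f"({state}); paired publish pattern: {f['paired_publish']}")
```

To run this against a real project, replace `LOCKFILE` with the parsed `package-lock.json` and populate `REGISTRY_TIMES` from `npm view <pkg> time --json` for each name returned by `installed_tanstack`. A hit on `installed_in_window` means the exact installed version was published in the window; a hit on `window_versions` alone means the package was targeted but the lockfile pins a different version, which is still worth confirming against the advisory's published version list.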

References

https://github.com/TanStack/router/issues/7383
https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-45321", "sourceIdentifier": "[email protected]", "published": "2026-05-12T01:16:46.820", "lastModified": "2026-05-12T01:16:46.820", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-506"}]}], "references": [{"url": "https://github.com/TanStack/router/issues/7383", "source": "[email protected]"}, {"url": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx", "source": "[email protected]"}]}}
```