On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HAntoinebcx Ml Toolkit Ts
APPAntoinebcx1.0.41.0.5Antoinebcx Ml Toolkit Ts\/preprocessing
APPAntoinebcx1.0.21.0.3Antoinebcx Ml Toolkit Ts\/xgboost
APPAntoinebcx1.0.31.0.4Beproduct Beproduct\/nestjs Auth
APPBeproduct0.1.20.1.30.1.4Mistral Mistralai
APPMistral2.4.6Mistral Mistralai\/mistralai
APPMistral2.2.32.2.4Mistral Mistralai\/mistralai Azure
APPMistral1.7.21.7.3Mistral Mistralai\/mistralai Gcp
APPMistral1.7.21.7.3Tanstack Tanstack\/arktype Adapter
APPTanstack1.166.121.166.15Tanstack Tanstack\/eslint Plugin Router
APPTanstack1.161.121.161.9Tanstack Tanstack\/eslint Plugin Start
APPTanstack0.0.40.0.7Tanstack Tanstack\/history
APPTanstack1.161.121.161.9Tanstack Tanstack\/nitro V2 Vite Plugin
APPTanstack1.154.121.154.15Tanstack Tanstack\/react Router
APPTanstack1.169.51.169.8Tanstack Tanstack\/react Router Devtools
APPTanstack1.166.161.166.19Tanstack Tanstack\/react Router Ssr Query
APPTanstack1.166.151.166.18Tanstack Tanstack\/react Start
APPTanstack1.167.681.167.71Tanstack Tanstack\/react Start Client
APPTanstack1.166.511.166.54Tanstack Tanstack\/react Start Rsc
APPTanstack0.0.470.0.50Tanstack Tanstack\/react Start Server
APPTanstack1.166.551.166.58Tanstack Tanstack\/router Cli
APPTanstack1.166.461.166.49Tanstack Tanstack\/router Core
APPTanstack1.169.51.169.8Tanstack Tanstack\/router Devtools
APPTanstack1.166.161.166.19Tanstack Tanstack\/router Devtools Core
APPTanstack1.167.61.167.9Tanstack Tanstack\/router Generator
APPTanstack1.166.451.166.48Tanstack Tanstack\/router Plugin
APPTanstack1.167.381.167.41Tanstack Tanstack\/router Ssr Query Core
APPTanstack1.168.31.168.6Tanstack Tanstack\/router Utils
APPTanstack1.161.111.161.14Tanstack Tanstack\/router Vite Plugin
APPTanstack1.166.531.166.56Tanstack Tanstack\/solid Router
APPTanstack1.169.51.169.8
CISA KEV — detailsi
- Vendori
- TanStack
- Producti
- TanStack
- Added to KEVi
- May 27, 2026
- Remediation deadline (US Federal)i
- June 10, 2026(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.