External risk intelligence

TanStack Packages Compromised via npm Supply Chain Attack

CVE advisoryKnown Exploit

CVE-2026-45321

Malicious versions of @tanstack/* packages were published to the npm registry through a supply chain attack, leveraging GitHub Actions vulnerabilities to steal credentials and distribute malware. This impacts multiple TanStack products, potentially allowing for significant data compromise.

1Halo Surface Signal

Tanstack\/arktype Adapter

1.166.121.166.151.161.91.161.120.0.40.0.71.154.121.154.151.169.51.169.81.166.161.166.191.166.181.167.681.167.711.166.511.166.540.0.470.0.501.166.551.166.58;...

External exposure likelihood

Halo Surface Signal score for CVE-2026-45321

This CVE describes a supply chain attack involving the malicious compromise of software build-time packages on the npm registry. The vulnerable activity occurs during software development, build, or deployment pipelines, not in a runtime environment that faces the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-45321

Yes

CVE-2026-45321 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This critical supply chain attack involved malicious code being published as legitimate updates to TanStack npm packages. Since the attack compromised trusted software supply chains and actively spread credential-stealing malware, systems that installed these packages are conside

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

Malicious code was published to the npm registry disguised as legitimate updates for the @tanstack/* packages. This incident involved a sophisticated supply chain attack that leveraged vulnerabilities in GitHub Actions and package publishing to inject credential-stealing malware under a trusted identity, impacting multiple development tools.

  • Malicious code disguised as trusted updates.
  • Supply chain attack compromised trusted developer tools.
  • Confirm relevance and potential exposure to affected code.

Attack Path

How an attacker could exploit the issue

Attackers exploited a vulnerability in the GitHub Actions workflow to publish malicious versions of TanStack packages to the npm registry. This attack chained multiple vulnerabilities, including a `pull_request_target` misconfiguration and cache poisoning, to steal credentials and distribute malware under a trusted identity.

  • Entry condition: Access to a vulnerable GitHub Actions workflow.
  • Trigger point: Publishing malicious code to the npm registry.
  • Resulting risk: Credential theft and malware distribution.

Live Threat

Current exploitation, exposure, and threat context

The described vulnerability could allow malicious code to be published to the npm registry under a trusted identity. This occurs when specific conditions are met during the software development or build process, potentially impacting systems that use compromised packages.

  • Malicious package versions could be installed.
  • Compromised code could execute during builds.
  • No direct impact to user data or PII is specified.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The supply chain attack on @tanstack/* packages necessitates immediate triage by platform and development teams to identify affected codebases and accountable owners. The first practical step involves confirming where these compromised packages are integrated into your development or build pipelines, assessing their business criticality, and then strategizing remediation based on the identified risk.

  • Ownership: Platform and development teams.
  • Verify first: Package integration in build pipelines.
  • Action: Plan targeted remediation or removal.

Frequently asked questions

What are TanStack packages and what are they used for?

TanStack is a collection of libraries, often used in web development for tasks like routing, state management, and UI components. These packages are integrated into applications to provide specific functionalities, enhancing the development process for frameworks such as React, Vue, and Solid.

What is the weakness class for CVE-2026-45321?

The primary weakness class identified for CVE-2026-45321 is CWE-506, which relates to the use of code that contains a backdoor. In this incident, malicious code was introduced into TanStack packages, allowing attackers to publish credential-stealing malware.

How can an attacker exploit the TanStack packages?

An attacker can exploit this vulnerability by chaining several weaknesses, including a pull_request_target misconfiguration, GitHub Actions cache poisoning, and runtime memory extraction of an OIDC token from the Actions runner. These steps allow the attacker to publish malicious versions of packages under a trusted identity without modifying the core publish workflow.

Who should be concerned about CVE-2026-45321?

Developers and organizations using TanStack packages should be concerned. The Halo Surface Signal indicates this CVE is unlikely to be directly exposed to the public internet, as the exploitation occurs during the software development or build process, rather than in a runtime environment.

What are the first steps to address CVE-2026-45321?

The first steps involve reviewing your development and build pipelines for any dependencies on the affected TanStack packages. It is crucial to follow vendor instructions for mitigation and to ensure that all development tools and processes are secure to prevent the introduction of compromised code.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified