CVE-2026-45321

CRITICAL · KEV

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

Title source: cna

Exploitation Summary

CVE-2026-45321 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 27, 2026. EIP tracks 11 public exploits from researchers including renewablehacking, prashanthnataraj, and nkopylov.

AI-analyzed exploit summary: This repository demonstrates a supply chain attack via a malicious npm package exploiting the `postinstall` script hook to execute arbitrary code during installation. The PoC simulates CVE-2026-45321 by creating a fake TanStack package that exfiltrates system information when installed.

Description

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
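As an added, defensive illustration (not code from this page or from any of the repositories listed below): a lockfile check that flags @tanstack/* entries in an npm package-lock.json pinned to one of the malicious versions. The version table is only the subset this page shows (the full list of 84 versions belongs to the upstream advisory), and the sample lockfile is constructed for the example.

```javascript
// Added example (not from this page or the repositories it lists): flag @tanstack/*
// lockfile entries pinned to a version from the malicious publish. The table below
// is only the subset shown on this page; the complete 84-version list is in the advisory.
const MALICIOUS_VERSIONS = {
  "@tanstack/arktype-adapter": ["1.166.12", "1.166.15"],
  "@tanstack/eslint-plugin-router": ["1.161.9", "1.161.12"],
  "@tanstack/eslint-plugin-start": ["0.0.4", "0.0.7"],
  "@tanstack/history": ["1.161.9", "1.161.12"],
  "@tanstack/nitro-v2-vite-plugin": ["1.154.12", "1.154.15"],
};
function isMalicious(name, version) {
  const bad = MALICIOUS_VERSIONS[name];
  return Boolean(bad && bad.includes(version));
}
// Package name from a lockfile v2/v3 "packages" key, so nested copies such as
// "node_modules/a/node_modules/@tanstack/history" resolve to "@tanstack/history".
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockPath.slice(idx + "node_modules/".length);
}
// Lockfile v1 nests transitive dependencies under "dependencies"; walk them recursively.
function walkV1(deps, prefix, hits) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (isMalicious(name, entry.version)) hits.push({ path, name, version: entry.version });
    walkV1(entry.dependencies, `${path}/`, hits);
  }
}
// Return every entry, at any nesting depth, pinned to a malicious version.
function findMaliciousTanstack(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  const hits = [];
  if (!lock.packages) { walkV1(lock.dependencies, "", hits); return hits; }
  for (const [path, entry] of Object.entries(lock.packages)) {
    const name = packageNameFromPath(path);
    if (name && isMalicious(name, entry.version)) hits.push({ path, name, version: entry.version });
  }
  return hits;
}
// Constructed sample lockfile: one clean and one malicious top-level @tanstack
// entry, plus a malicious copy nested under another dependency.
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/@tanstack/history": { version: "1.161.12" },
  "node_modules/@tanstack/arktype-adapter": { version: "1.166.11" },
  "node_modules/some-lib/node_modules/@tanstack/eslint-plugin-start": { version: "0.0.7" },
} });

for (const h of findMaliciousTanstack(SAMPLE_LOCK)) console.log(`MALICIOUS ${h.name}@${h.version} at ${h.path}`);
```

A hit on a nested copy matters as much as a top-level one, since npm runs install hooks for every resolved copy; replace the table with the complete advisory list before relying on the check.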

Exploits (11)

github · WORKING POC
by renewablehacking · javascript · poc
https://github.com/renewablehacking/CVE-2026-45321-Tanstack

This repository demonstrates a supply chain attack via a malicious npm package exploiting the `postinstall` script hook to execute arbitrary code during installation. The PoC simulates CVE-2026-45321 by creating a fake TanStack package that exfiltrates system information when installed.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: npm (Node.js package manager)
No auth needed
Prerequisites: victim must install the malicious package
devstral-2 · analyzed May 25, 2026

nomisec · SCANNER
by prashanthnataraj · poc
https://github.com/prashanthnataraj/mini-shai-hulud-detector

This repository contains a detection script for the Mini Shai-Hulud npm supply-chain attack (CVE-2026-45321). The script scans for indicators of compromise such as malicious package namespaces, payload files, and persistence daemons, but does not exploit the vulnerability.

Classification: Scanner (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: npm projects
No auth needed
Prerequisites: access to the target system's file system
devstral-2 · analyzed May 21, 2026

github · SCANNER
by nkopylov · shell · poc
https://github.com/nkopylov/tanscript-exploit-check

This repository provides a detection script for the TanStack supply chain compromise (CVE-2026-45321), checking for indicators of compromise (IOCs) such as malicious files, processes, and network connections. It does not contain exploit code but helps identify compromised systems.

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: @tanstack/* npm packages (versions 1.169.5, 1.169.8, 1.167.68, 1.167.71, etc.)
No auth needed
Prerequisites: access to the target system's filesystem and process list
devstral-2 · analyzed May 18, 2026

nomisec · SCANNER
by digi4care · poc
https://github.com/digi4care/shai-scan

This repository contains a zero-dependency CLI scanner for detecting compromised npm and PyPI packages, specifically targeting the Mini Shai-Hulud supply chain attack (CVE-2026-45321). It scans lockfiles, system IOCs, and outputs findings in multiple formats (text, JSON, SARIF).

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: npm and PyPI ecosystems (lockfiles and system artifacts)
No auth needed
Prerequisites: access to project lockfiles or system artifacts
devstral-2 · analyzed May 16, 2026

nomisec · SCANNER
by fabriziosalmi · poc
https://github.com/fabriziosalmi/tanstack-compromise-checker

This repository contains a GitHub Action and associated scripts designed to scan for compromised dependencies in TanStack projects, focusing on detecting known vulnerabilities (e.g., GHSA-g7cv-rxg3-hmpx). It includes workflows for automated checks, Docker support, and release management, but does not contain exploit code.

Classification: Scanner (90%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: TanStack projects (e.g., TanStack Query, TanStack Router)
No auth needed
Prerequisites: access to the target repository · GitHub Actions workflow permissions
devstral-2 · analyzed May 16, 2026

nomisec · SCANNER
by Intrudify · poc
https://github.com/Intrudify/mini-shai-hulud-scanner

This repository contains a scanner for detecting indicators of compromise related to the Mini Shai-Hulud supply chain worm (CVE-2026-45321). It checks for malicious npm/PyPI packages, persistence mechanisms, payload files, and C2 traffic without executing any exploit code.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: npm/PyPI packages and related environments
No auth needed
Prerequisites: access to the target system's file system and network configuration
devstral-2 · analyzed May 13, 2026

nomisec · SCANNER
by Yomisana · poc
https://github.com/Yomisana/are-you-get-tanstack-attack

This repository contains a scanner tool for detecting indicators of CVE-2026-45321 in TanStack Router projects. It checks for vulnerable package versions, suspicious files, and dependencies but does not include exploit code.

Classification: Scanner (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: TanStack Router (specific versions listed in README)
No auth needed
Prerequisites: access to the target project directory · Node.js environment
devstral-2 · analyzed May 13, 2026

nomisec · SCANNER
by shayr1 · poc
https://github.com/shayr1/shai-hulud-scan

This repository provides a scanner for detecting indicators of compromise (IOCs) related to the Mini Shai-Hulud supply chain worm (CVE-2026-45321). It performs diagnostic checks for worm artifacts, persistence hooks, malicious files, compromised packages, and network IOCs, with full transparency and user approval for each step.

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: systems affected by the Mini Shai-Hulud worm (CVE-2026-45321)
No auth needed
Prerequisites: access to the system being scanned · user approval for each diagnostic step
devstral-2 · analyzed May 13, 2026

nomisec · SCANNER
by qi-scape · poc
https://github.com/qi-scape/scan-shai-hulud

This repository contains a Bash script designed to scan systems for indicators of compromise (IOCs) related to CVE-2026-45321, a supply chain attack affecting npm and PyPI packages. The script checks for malicious files, persistence mechanisms, C2 infrastructure, and compromised packages.

Classification: Scanner (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: systems potentially affected by CVE-2026-45321 (npm and PyPI packages)
No auth needed
Prerequisites: Bash 4+ · standard UNIX utilities (find, grep, shasum) · optional: mdfind, npm, pip, git, lsof
devstral-2 · analyzed May 13, 2026

nomisec · SCANNER
by Caixa-git · poc
https://github.com/Caixa-git/tanstack-shield

This repository provides a read-only scanner to detect the presence of malicious versions of TanStack npm packages affected by CVE-2026-45321. It checks lockfiles, package manifests, and node_modules for known malicious versions and indicators of compromise.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: @tanstack/* npm packages (versions listed in BAD_VERSIONS)
No auth needed
Prerequisites: access to a project directory with package-lock.json, yarn.lock, or pnpm-lock.yaml
devstral-2 · analyzed May 13, 2026

nomisec · SCANNER
by ry-allan · poc
https://github.com/ry-allan/tanstack-compromise-checker

This repository contains a detection script for the TanStack supply chain compromise (CVE-2026-45321), which scans for compromised packages, payload files, and persistence artifacts. It does not include exploit code but provides a comprehensive scanner for identifying indicators of compromise.

Classification: Scanner (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: TanStack npm packages and related dependencies
No auth needed
Prerequisites: local project checkout · access to lockfiles and node_modules
devstral-2 · analyzed May 12, 2026

Scores

CVSS v3: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS: 0.0160 (percentile 72.6%)
Attack Vector: NETWORK

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2026-05-27
VulnCheck KEV: 2026-05-27
ENISA EUVD: EUVD-2026-29352
CWE: CWE-506
Status: published
Products (50):
@tanstack/arktype-adapter 1.166.12
@tanstack/arktype-adapter 1.166.15
@tanstack/eslint-plugin-router 1.161.12
@tanstack/eslint-plugin-router 1.161.9
@tanstack/eslint-plugin-start 0.0.4
@tanstack/eslint-plugin-start 0.0.7
@tanstack/history 1.161.12
@tanstack/history 1.161.9
@tanstack/nitro-v2-vite-plugin 1.154.12
@tanstack/nitro-v2-vite-plugin 1.154.15
... and 40 more
Published: May 12, 2026
KEV Added: May 27, 2026
Tracked Since: May 12, 2026