Common Weakness Enumeration

CWE-506

Allowed-with-Review

Embedded Malicious Code

Abstraction: Class · Status: Incomplete

The product contains code that appears to be malicious in nature.

525 vulnerabilities reference this CWE, most recent first.

GHSA-G37J-V5GH-G25C

Vulnerability from github – Published: 2020-09-03 23:06 – Updated: 2021-09-30 17:14
VLAI
Summary
Malicious Package in js-shi3
Details

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "js-shi3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:53:53Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.\n\n\n## Recommendation\n\nRemove the package from your environment. Ensure no Ethereum funds were compromised.",
  "id": "GHSA-g37j-v5gh-g25c",
  "modified": "2021-09-30T17:14:07Z",
  "published": "2020-09-03T23:06:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1288"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in js-shi3"
}

GHSA-G38R-8GMR-GHRF

Vulnerability from github – Published: 2026-05-04 21:43 – Updated: 2026-05-04 21:43
VLAI
Summary
`mysten-metrics` was removed from crates.io for malicious code
Details

mysten-metrics included a build script that attempted to exfiltrate data from the build machine.

The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "mysten-metrics"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-04T21:43:56Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "`mysten-metrics` included a build script that attempted to exfiltrate data from the build machine.\n\nThe malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.",
  "id": "GHSA-g38r-8gmr-ghrf",
  "modified": "2026-05-04T21:43:56Z",
  "published": "2026-05-04T21:43:56Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://github.com/MystenLabs/sui"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0107.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "`mysten-metrics` was removed from crates.io for malicious code"
}

GHSA-G4M3-RPXR-H7VG

Vulnerability from github – Published: 2020-09-03 19:52 – Updated: 2021-09-30 20:26
VLAI
Summary
Malicious Package in mogodb-core
Details

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.

Recommendation

Remove the package from your environment. There are no indications of further compromise.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "mogodb-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:48:29Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server.\n\n\n## Recommendation\n\nRemove the package from your environment. There are no indications of further compromise.",
  "id": "GHSA-g4m3-rpxr-h7vg",
  "modified": "2021-09-30T20:26:34Z",
  "published": "2020-09-03T19:52:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1134"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in mogodb-core"
}

GHSA-G5Q2-FCG9-J526

Vulnerability from github – Published: 2020-09-03 17:40 – Updated: 2021-09-30 19:46
VLAI
Summary
Malicious Package in hsf-clients
Details

All versions of hsf-clients contain malicious code. The package uploads system information to a remote server, downloads a file and executes it.

Recommendation

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.

The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "hsf-clients"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:45:38Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "All versions of `hsf-clients` contain malicious code. The package uploads system information to a remote server, downloads a file and executes it.\n\n\n## Recommendation\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.\n\nThe package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.",
  "id": "GHSA-g5q2-fcg9-j526",
  "modified": "2021-09-30T19:46:50Z",
  "published": "2020-09-03T17:40:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1054"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in hsf-clients"
}

GHSA-G7CV-RXG3-HMPX

Vulnerability from github – Published: 2026-05-12 00:12 – Updated: 2026-06-08 23:53
VLAI
Summary
Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Details

Summary

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity.

Each affected package received exactly two malicious versions, published a few minutes apart.

Impact

A user installing any affected version executes a payload (~2.3 MB obfuscated router_init.js) at install time that:

  • Harvests credentials from common locations:
  • AWS instance metadata (IMDS) and Secrets Manager
  • GCP metadata service
  • Kubernetes service-account tokens
  • HashiCorp Vault tokens
  • ~/.npmrc (npm tokens)
  • GitHub tokens (env vars, gh CLI config, .git-credentials)
  • SSH private keys (~/.ssh/)
  • Exfiltrates harvested data over the Session/Oxen messenger file-upload network (filev2.getsession.org, seed{1,2,3}.getsession.org). This is end-to-end encrypted with no attacker-controlled C2, so blocking by IP or domain is the only network mitigation.
  • Enumerates packages that the victim maintains via registry.npmjs.org/-/v1/search?text=maintainer:<user> and republishes them with the same injection, propagating the compromise across npm.

Any developer or CI environment that ran npm install, pnpm install, or yarn install against an affected version on 2026-05-11 should be considered compromised. All credentials accessible to the install process should be rotated immediately. Cloud audit logs should be reviewed for activity originating from the affected hosts during and after the install window.

Detection

Inspect the published manifest of any pinned @tanstack/* version. Malicious manifests contain this exact optionalDependencies entry:

"optionalDependencies": {
  "@tanstack/setup": "github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c"
}

To check a version without running install scripts:

npm pack @tanstack/<name>@<version>   # downloads tarball; does NOT execute lifecycle scripts
tar -xzf *.tgz
grep -A3 optionalDependencies package/package.json
ls -la package/router_init.js   # malicious payload, ~2.3 MB, present at package root

The payload file router_init.js is approximately 2.3 MB of obfuscated JavaScript. It is placed at the tarball root and is intentionally not declared in the package's "files" array, so it does not appear in the package's documented contents.

Mechanism

@tanstack/setup is not a real package on the npm registry. The github:tanstack/router#79ac49ee... specifier resolves to an orphan commit pushed to a fork in the tanstack/router GitHub fork network. GitHub serves commits across the entire fork network for git-URL dependencies, so the attacker did not require write access to TanStack/router itself — only the ability to fork and push to their own fork.

When npm processes the optional dependency, it:

  1. Fetches the orphan commit from the fork network.
  2. Installs the commit's declared dependencies (which include a real bun binary).
  3. Runs the commit's prepare lifecycle script: bun run tanstack_runner.js && exit 1. The trailing exit 1 causes the optional install to fail, after which npm silently discards it — leaving no node_modules trace.
  4. The tanstack_runner.js script in turn executes router_init.js from the host package's tarball.

Patches

Affected versions are being deprecated on npm with a SECURITY: notice. Where npm policy allows (no existing third-party dependents), affected versions are also being unpublished. The npm security team has been engaged to pull tarballs server-side for versions that cannot be unpublished.

Clean follow-up releases are being prepared. Update to the patched version listed in the affected-products table for each package, then reinstall from a clean lockfile.

Workarounds

Until clean follow-up releases are available:

  • Pin every @tanstack/* dependency to a known-good version published before 2026-05-11 19:00 UTC. The last known-good version for most affected packages was published on 2026-03-15.
  • Delete node_modules and the lockfile, then reinstall to ensure no transitive dependency resolves to a malicious version.
  • Configure npm to skip lifecycle scripts on install (npm config set ignore-scripts true) as a temporary defense-in-depth measure.
  • For CI, audit any pipeline that ran install against @tanstack/* between 19:20 and 19:30 UTC on 2026-05-11. Treat the runner as compromised and rotate any secrets it had access to.

Indicators of compromise

Indicator Value
Malicious git ref github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c
Fictitious package name @tanstack/setup
Payload filename router_init.js (~2.3 MB, package root, undeclared in files)
Helper filename in orphan commit tanstack_runner.js
Exfiltration network filev2.getsession.org, seed1.getsession.org, seed2.getsession.org, seed3.getsession.org
Second-stage payload URLs https://litter.catbox.moe/h8nc9u.js, https://litter.catbox.moe/7rrc6l.mjs
Poisoned cache key Linux-pnpm-store-6f9233a50def742c09fde54f56553d6b449a535adf87d4083690539f49ae4da11
Publish window (UTC) 2026-05-11 19:20 — 19:26
Publish mechanism GitHub Actions OIDC trusted publisher (oidc:db7d6f54-05d5-412b-8a10-e7a8398b303e)
Workflow runs https://github.com/TanStack/router/actions/runs/25613093674 (attempt 4), https://github.com/TanStack/router/actions/runs/25691781302
Attacker GitHub accounts zblgg (id 127806521), voicproducoes (id 269549300)
Attacker fork (renamed to evade detection) https://github.com/zblgg/configuration

Credits

  • The security researcher who initially disclosed the vulnerability publicly with detailed analysis at https://github.com/TanStack/router/issues/7383

References

  • Public incident tracking issue: https://github.com/TanStack/router/issues/7383
  • Related research:
  • Adnan Khan, "The Monsters in Your Build Cache: GitHub Actions Cache Poisoning" (May 2024)
  • GitHub Security Lab, "Keeping your GitHub Actions and workflows secure: Preventing Pwn Requests"
  • StepSecurity, "tj-actions/changed-files action is compromised" (March 2025) — the malicious payload reuses this incident's runner-memory extraction technique verbatim
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/arktype-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.12"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/eslint-plugin-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.9"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.9"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/eslint-plugin-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.4"
            },
            {
              "fixed": "0.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.4"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/history"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.9"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.9"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/nitro-v2-vite-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.154.12"
            },
            {
              "fixed": "1.154.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.154.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.5"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.5"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.16"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.16"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.68"
            },
            {
              "fixed": "1.167.72"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.68"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.51"
            },
            {
              "fixed": "1.166.55"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.51"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-rsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.47"
            },
            {
              "fixed": "0.0.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.47"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.55"
            },
            {
              "fixed": "1.166.59"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.55"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.46"
            },
            {
              "fixed": "1.166.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.46"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.5"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.5"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.16"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.16"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-devtools-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.6"
            },
            {
              "fixed": "1.167.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.6"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-generator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.45"
            },
            {
              "fixed": "1.166.49"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.45"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.38"
            },
            {
              "fixed": "1.167.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.38"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-ssr-query-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.168.3"
            },
            {
              "fixed": "1.168.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.168.3"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.11"
            },
            {
              "fixed": "1.161.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.11"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-vite-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.53"
            },
            {
              "fixed": "1.166.57"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.53"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.5"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.5"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.16"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.16"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.65"
            },
            {
              "fixed": "1.167.69"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.65"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.50"
            },
            {
              "fixed": "1.166.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.50"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.54"
            },
            {
              "fixed": "1.166.58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.54"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-client-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.168.5"
            },
            {
              "fixed": "1.168.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.168.5"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-fn-stubs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.9"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.9"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-plugin-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.23"
            },
            {
              "fixed": "1.169.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.23"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-server-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.33"
            },
            {
              "fixed": "1.167.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.33"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-static-server-functions"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.44"
            },
            {
              "fixed": "1.166.48"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.44"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-storage-context"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.38"
            },
            {
              "fixed": "1.166.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.38"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/valibot-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.12"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/virtual-file-routes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.10"
            },
            {
              "fixed": "1.161.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.10"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.5"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.5"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.16"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.16"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.61"
            },
            {
              "fixed": "1.167.65"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.61"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.46"
            },
            {
              "fixed": "1.166.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.46"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.50"
            },
            {
              "fixed": "1.166.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.50"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/zod-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.12"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/arktype-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/eslint-plugin-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.12"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/eslint-plugin-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.7"
            },
            {
              "fixed": "0.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.7"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/history"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.12"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/nitro-v2-vite-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.154.15"
            },
            {
              "fixed": "1.154.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.154.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.8"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.8"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.19"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.19"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.18"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.18"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.71"
            },
            {
              "fixed": "1.167.72"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.71"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.54"
            },
            {
              "fixed": "1.166.55"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.54"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-rsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.50"
            },
            {
              "fixed": "0.0.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.50"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/react-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.58"
            },
            {
              "fixed": "1.166.59"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.58"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.49"
            },
            {
              "fixed": "1.166.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.49"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.8"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.8"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.19"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.19"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-devtools-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.9"
            },
            {
              "fixed": "1.167.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.9"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-generator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.48"
            },
            {
              "fixed": "1.166.49"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.48"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.41"
            },
            {
              "fixed": "1.167.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.41"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-ssr-query-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.168.6"
            },
            {
              "fixed": "1.168.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.168.6"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.14"
            },
            {
              "fixed": "1.161.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.14"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/router-vite-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.56"
            },
            {
              "fixed": "1.166.57"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.56"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.8"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.8"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.19"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.19"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.18"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.18"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.68"
            },
            {
              "fixed": "1.167.69"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.68"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.53"
            },
            {
              "fixed": "1.166.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.53"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/solid-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.57"
            },
            {
              "fixed": "1.166.58"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.57"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-client-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.168.8"
            },
            {
              "fixed": "1.168.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.168.8"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-fn-stubs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.12"
            },
            {
              "fixed": "1.161.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.12"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-plugin-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.26"
            },
            {
              "fixed": "1.169.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.26"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-server-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.36"
            },
            {
              "fixed": "1.167.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.36"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-static-server-functions"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.47"
            },
            {
              "fixed": "1.166.48"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.47"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/start-storage-context"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.41"
            },
            {
              "fixed": "1.166.42"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.41"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/valibot-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/virtual-file-routes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.161.13"
            },
            {
              "fixed": "1.161.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.161.13"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.169.8"
            },
            {
              "fixed": "1.169.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.169.8"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router-devtools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.19"
            },
            {
              "fixed": "1.166.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.19"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-router-ssr-query"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.18"
            },
            {
              "fixed": "1.166.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.18"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.167.64"
            },
            {
              "fixed": "1.167.65"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.167.64"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.49"
            },
            {
              "fixed": "1.166.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.49"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/vue-start-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.53"
            },
            {
              "fixed": "1.166.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.53"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@tanstack/zod-adapter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.166.15"
            },
            {
              "fixed": "1.166.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.166.15"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-12T00:12:49Z",
    "nvd_published_at": "2026-05-12T01:16:46Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nOn 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 `@tanstack/*` packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for `TanStack/router`, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a `pull_request_target` \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity.\n\nEach affected package received exactly two malicious versions, published a few minutes apart.\n\n## Impact\n\nA user installing any affected version executes a payload (~2.3 MB obfuscated `router_init.js`) at install time that:\n\n- Harvests credentials from common locations:\n  - AWS instance metadata (IMDS) and Secrets Manager\n  - GCP metadata service\n  - Kubernetes service-account tokens\n  - HashiCorp Vault tokens\n  - `~/.npmrc` (npm tokens)\n  - GitHub tokens (env vars, `gh` CLI config, `.git-credentials`)\n  - SSH private keys (`~/.ssh/`)\n- Exfiltrates harvested data over the Session/Oxen messenger file-upload network (`filev2.getsession.org`, `seed{1,2,3}.getsession.org`). This is end-to-end encrypted with no attacker-controlled C2, so blocking by IP or domain is the only network mitigation.\n- Enumerates packages that the victim maintains via `registry.npmjs.org/-/v1/search?text=maintainer:\u003cuser\u003e` and republishes them with the same injection, propagating the compromise across npm.\n\nAny developer or CI environment that ran `npm install`, `pnpm install`, or `yarn install` against an affected version on 2026-05-11 should be considered compromised. All credentials accessible to the install process should be rotated immediately. Cloud audit logs should be reviewed for activity originating from the affected hosts during and after the install window.\n\n## Detection\n\nInspect the published manifest of any pinned `@tanstack/*` version. Malicious manifests contain this exact `optionalDependencies` entry:\n\n```json\n\"optionalDependencies\": {\n  \"@tanstack/setup\": \"github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c\"\n}\n```\n\nTo check a version without running install scripts:\n\n```bash\nnpm pack @tanstack/\u003cname\u003e@\u003cversion\u003e   # downloads tarball; does NOT execute lifecycle scripts\ntar -xzf *.tgz\ngrep -A3 optionalDependencies package/package.json\nls -la package/router_init.js   # malicious payload, ~2.3 MB, present at package root\n```\n\nThe payload file `router_init.js` is approximately 2.3 MB of obfuscated JavaScript. It is placed at the tarball root and is intentionally not declared in the package\u0027s `\"files\"` array, so it does not appear in the package\u0027s documented contents.\n\n## Mechanism\n\n`@tanstack/setup` is not a real package on the npm registry. The `github:tanstack/router#79ac49ee...` specifier resolves to an orphan commit pushed to a fork in the `tanstack/router` GitHub fork network. GitHub serves commits across the entire fork network for git-URL dependencies, so the attacker did not require write access to `TanStack/router` itself \u2014 only the ability to fork and push to their own fork.\n\nWhen npm processes the optional dependency, it:\n\n1. Fetches the orphan commit from the fork network.\n2. Installs the commit\u0027s declared dependencies (which include a real `bun` binary).\n3. Runs the commit\u0027s `prepare` lifecycle script: `bun run tanstack_runner.js \u0026\u0026 exit 1`. The trailing `exit 1` causes the optional install to fail, after which npm silently discards it \u2014 leaving no `node_modules` trace.\n4. The `tanstack_runner.js` script in turn executes `router_init.js` from the host package\u0027s tarball.\n\n## Patches\n\nAffected versions are being deprecated on npm with a `SECURITY:` notice. Where npm policy allows (no existing third-party dependents), affected versions are also being unpublished. The npm security team has been engaged to pull tarballs server-side for versions that cannot be unpublished.\n\nClean follow-up releases are being prepared. Update to the patched version listed in the affected-products table for each package, then reinstall from a clean lockfile.\n\n## Workarounds\n\nUntil clean follow-up releases are available:\n\n- Pin every `@tanstack/*` dependency to a known-good version published before 2026-05-11 19:00 UTC. The last known-good version for most affected packages was published on 2026-03-15.\n- Delete `node_modules` and the lockfile, then reinstall to ensure no transitive dependency resolves to a malicious version.\n- Configure npm to skip lifecycle scripts on install (`npm config set ignore-scripts true`) as a temporary defense-in-depth measure.\n- For CI, audit any pipeline that ran `install` against `@tanstack/*` between 19:20 and 19:30 UTC on 2026-05-11. Treat the runner as compromised and rotate any secrets it had access to.\n\n## Indicators of compromise\n\n| Indicator | Value |\n|---|---|\n| Malicious git ref | `github:tanstack/router#79ac49eedf774dd4b0cfa308722bc463cfe5885c` |\n| Fictitious package name | `@tanstack/setup` |\n| Payload filename | `router_init.js` (~2.3 MB, package root, undeclared in `files`) |\n| Helper filename in orphan commit | `tanstack_runner.js` |\n| Exfiltration network | `filev2.getsession.org`, `seed1.getsession.org`, `seed2.getsession.org`, `seed3.getsession.org` |\n| Second-stage payload URLs | `https://litter.catbox.moe/h8nc9u.js`, `https://litter.catbox.moe/7rrc6l.mjs` |\n| Poisoned cache key | `Linux-pnpm-store-6f9233a50def742c09fde54f56553d6b449a535adf87d4083690539f49ae4da11` |\n| Publish window (UTC) | 2026-05-11 19:20 \u2014 19:26 |\n| Publish mechanism | GitHub Actions OIDC trusted publisher (`oidc:db7d6f54-05d5-412b-8a10-e7a8398b303e`) |\n| Workflow runs | https://github.com/TanStack/router/actions/runs/25613093674 (attempt 4), https://github.com/TanStack/router/actions/runs/25691781302 |\n| Attacker GitHub accounts | `zblgg` (id 127806521), `voicproducoes` (id 269549300) |\n| Attacker fork (renamed to evade detection) | https://github.com/zblgg/configuration |\n\n## Credits\n\n- The security researcher who initially disclosed the vulnerability publicly with detailed analysis at https://github.com/TanStack/router/issues/7383\n\n## References\n\n- Public incident tracking issue: https://github.com/TanStack/router/issues/7383\n- Related research:\n  - Adnan Khan, \"The Monsters in Your Build Cache: GitHub Actions Cache Poisoning\" (May 2024)\n  - GitHub Security Lab, \"Keeping your GitHub Actions and workflows secure: Preventing Pwn Requests\"\n  - StepSecurity, \"tj-actions/changed-files action is compromised\" (March 2025) \u2014 the malicious payload reuses this incident\u0027s runner-memory extraction technique verbatim",
  "id": "GHSA-g7cv-rxg3-hmpx",
  "modified": "2026-06-08T23:53:09Z",
  "published": "2026-05-12T00:12:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45321"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TanStack/router/issues/7383"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TanStack/router"
    },
    {
      "type": "WEB",
      "url": "https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack"
    },
    {
      "type": "WEB",
      "url": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
    },
    {
      "type": "WEB",
      "url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys"
}

GHSA-G8JC-MM3C-CWHJ

Vulnerability from github – Published: 2020-09-02 20:31 – Updated: 2021-10-01 14:08
VLAI
Summary
Malicious Package in reques
Details

All versions of reques typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo. There is no further compromise.

Recommendation

Remove the package from your dependencies and always ensure package names are typed correctly upon installation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "reques"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:38:36Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "All versions of `reques` typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo. There is no further compromise.\n\n\n## Recommendation\n\nRemove the package from your dependencies and always ensure package names are typed correctly upon installation.",
  "id": "GHSA-g8jc-mm3c-cwhj",
  "modified": "2021-10-01T14:08:00Z",
  "published": "2020-09-02T20:31:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/863"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in reques"
}

GHSA-G9WF-393Q-4W38

Vulnerability from github – Published: 2020-09-03 17:28 – Updated: 2021-09-30 17:44
VLAI
Summary
Malicious Package in only-test-not-install
Details

All versions of only-test-not-install contain malicious code. The package deletes the folder ~/test from the system as a postinstall script.

Recommendation

Remove the package from your environment. There are no further signs of compromise.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "only-test-not-install"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:45:15Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "All versions of `only-test-not-install` contain malicious code. The package deletes the folder `~/test` from the system as a postinstall script.\n\n\n## Recommendation\n\nRemove the package from your environment. There are no further signs of compromise.",
  "id": "GHSA-g9wf-393q-4w38",
  "modified": "2021-09-30T17:44:24Z",
  "published": "2020-09-03T17:28:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in only-test-not-install"
}

GHSA-GCFC-MGG3-8J2C

Vulnerability from github – Published: 2020-09-03 18:11 – Updated: 2021-09-30 20:03
VLAI
Summary
Malicious Package in sdfjghlkfjdshlkjdhsfg
Details

All versions of sdfjghlkfjdshlkjdhsfg contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version.

Recommendation

Remove the package from your environment and ensure all packages owned were not impacted.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sdfjghlkfjdshlkjdhsfg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:46:18Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "All versions of `sdfjghlkfjdshlkjdhsfg` contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version.\n\n\n## Recommendation\n\nRemove the package from your environment and ensure all packages owned were not impacted.",
  "id": "GHSA-gcfc-mgg3-8j2c",
  "modified": "2021-09-30T20:03:20Z",
  "published": "2020-09-03T18:11:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in sdfjghlkfjdshlkjdhsfg"
}

GHSA-GFJ6-P24G-6HPM

Vulnerability from github – Published: 2020-09-03 22:55 – Updated: 2021-09-30 16:35
VLAI
Summary
Malicious Package in jc-sha3
Details

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.

Recommendation

Remove the package from your environment. Ensure no Ethereum funds were compromised.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jc-sha3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:53:28Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.\n\n\n## Recommendation\n\nRemove the package from your environment. Ensure no Ethereum funds were compromised.",
  "id": "GHSA-gfj6-p24g-6hpm",
  "modified": "2021-09-30T16:35:07Z",
  "published": "2020-09-03T22:55:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in jc-sha3"
}

GHSA-GFJR-XQHM-QVV3

Vulnerability from github – Published: 2020-09-02 20:16 – Updated: 2021-10-01 14:01
VLAI
Summary
Malicious Package in aysnc
Details

All versions of aysnc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo. There is no further compromise.

Recommendation

Remove the package from your dependencies and always ensure package names are typed correctly upon installation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "aysnc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:38:02Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "All versions of `aysnc` typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was running as sudo. There is no further compromise.\n\n\n## Recommendation\n\nRemove the package from your dependencies and always ensure package names are typed correctly upon installation.",
  "id": "GHSA-gfjr-xqhm-qvv3",
  "modified": "2021-10-01T14:01:11Z",
  "published": "2020-09-02T20:16:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Malicious Package in aysnc"
}

Mitigation
Implementation Operation

Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.

CAPEC-442: Infected Software

An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.

CAPEC-448: Embed Virus into DLL

An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.

CAPEC-636: Hiding Malicious Data or Code within Files

Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.