Description
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes to publish credential-stealing malware under a trusted identity: a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork-to-base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process. Each affected package received exactly two malicious versions, published a few minutes apart.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- @tanstack/arktype-adapter: 1.166.12, 1.166.15
- @tanstack/eslint-plugin-router: 1.161.9, 1.161.12
- @tanstack/eslint-plugin-start: 0.0.4, 0.0.7
- @tanstack/history: 1.161.9, 1.161.12
- @tanstack/nitro-v2-vite-plugin: 1.154.12, 1.154.15
- @tanstack/outer-vite-plugin: 1.166.56, 1.166.53
- @tanstack/react-router: 1.169.5, 1.169.8
- @tanstack/react-router-devtools: 1.166.16, 1.166.19
- @tanstack/react-router-ssr-query: 1.166.18, 1.166.15
- @tanstack/react-start: 1.167.68, 1.167.71
- @tanstack/react-start-client: 1.166.51, 1.166.54
- @tanstack/react-start-rsc: 0.0.50, 0.0.47
- @tanstack/react-start-server: 1.166.55, 1.166.58
- @tanstack/router-cli: 1.166.46, 1.166.49
- @tanstack/router-core: 1.169.5, 1.169.8
- @tanstack/router-devtools: 1.166.16, 1.166.19
- @tanstack/router-devtools-core: 1.167.6, 1.167.9
- @tanstack/router-generator: 1.166.45, 1.166.48
- @tanstack/router-plugin: 1.167.41, 1.167.38
- @tanstack/router-ssr-query-core: 1.168.3, 1.168.6
- @tanstack/router-utils: 1.161.11, 1.161.14
- @tanstack/solid-router: 1.169.5, 1.169.8
- @tanstack/solid-router-devtools: 1.166.16, 1.166.19
- @tanstack/solid-router-ssr-query: 1.166.15, 1.166.18
- @tanstack/solid-start: 1.167.65, 1.167.68
- @tanstack/solid-start-client: 1.166.50, 1.166.53
- @tanstack/solid-start-server: 1.166.54, 1.166.57
- @tanstack/start-client-core: 1.168.5, 1.168.8
- @tanstack/start-fn-stubs: 1.161.9, 1.161.12
- @tanstack/start-plugin-core: 1.169.23, 1.169.26
- @tanstack/start-server-core: 1.167.33, 1.167.36
- @tanstack/start-static-server-functions: 1.166.44, 1.166.47
- @tanstack/start-storage-context: 1.166.38, 1.166.41
- @tanstack/valibot-adapter: 1.166.12, 1.166.15
- @tanstack/virtual-file-routes: 1.161.10, 1.161.13
- @tanstack/vue-router: 1.169.5, 1.169.8
- @tanstack/vue-router-devtools: 1.166.16, 1.166.19
- @tanstack/vue-router-ssr-query: 1.166.15, 1.166.18
- @tanstack/vue-start: 1.167.61, 1.167.64
- @tanstack/vue-start-client: 1.166.46, 1.166.49
- @tanstack/vue-start-server: 1.166.50, 1.166.53
- @tanstack/zod-adapter: 1.166.12, 1.166.15
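A check a downstream consumer can run against the affected products listed above, added here as an example and not code from TanStack or the advisory: it walks an npm package-lock.json (lockfileVersion 2 or 3, whose "packages" keys are node_modules paths) and reports every installed @tanstack package pinned to a compromised version, including copies nested under other dependencies. The COMPROMISED mapping is a constructed subset of the list above and the sample lockfile is constructed.

```python
import json

# Constructed subset of the compromised @tanstack/* versions from the
# affected-products list above; extend it with the full list before use.
COMPROMISED = {
    "@tanstack/react-router": {"1.169.5", "1.169.8"},
    "@tanstack/router-core": {"1.169.5", "1.169.8"},
    "@tanstack/react-start": {"1.167.68", "1.167.71"},
    "@tanstack/history": {"1.161.9", "1.161.12"},
    "@tanstack/router-plugin": {"1.167.38", "1.167.41"},
    "@tanstack/zod-adapter": {"1.166.12", "1.166.15"},
}

def installed_packages(lockfile):
    """Yield (name, version) for each dependency in a lockfileVersion 2/3
    package-lock.json. The name is taken from the node_modules path, so
    nested copies (node_modules/a/node_modules/@tanstack/x) are included."""
    for path, meta in lockfile.get("packages", {}).items():
        if "node_modules/" not in path:
            continue  # "" is the root project; other paths are workspaces
        name = path.rsplit("node_modules/", 1)[1]
        version = meta.get("version")
        if version:
            yield name, version

def find_compromised(lockfile):
    """Return sorted (name, version) pairs that match a known-bad version."""
    hits = {
        (name, version)
        for name, version in installed_packages(lockfile)
        if version in COMPROMISED.get(name, ())
    }
    return sorted(hits)

# Constructed sample lockfile: one clean install and two compromised ones,
# one of which is nested under another dependency.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "0.1.0"},
    "node_modules/@tanstack/react-router": {"version": "1.169.5"},
    "node_modules/@tanstack/router-core": {"version": "1.169.4"},
    "node_modules/some-lib/node_modules/@tanstack/history": {"version": "1.161.12"}
  }
}""")

if __name__ == "__main__":
    for name, version in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version}")
```

To check a real project, replace SAMPLE_LOCK with `json.load(open("package-lock.json"))`; a non-empty result means the install should be rebuilt from a clean lockfile and any credentials present on that machine rotated.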
References
- VENDOR_ADVISORY: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx
- MISC: https://github.com/TanStack/router/issues/7383
- MISC: https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
- MISC: https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem