CVE-2026-45321
TanStack Unspecified Vulnerability
CVSS
—
No CVSS
EPSS
2.3%
p82
KEV
YES
May 27, 2026
Exploit Today
75
0-100
Published: — · Last modified: —
Product
TanStack / TanStack
Vulnerability
TanStack Unspecified Vulnerability
Added to KEV
May 27, 2026
Remediate by
Jun 10, 2026
Known ransomware use
Yes
Summary description
TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321
No related CVEs by CWE or product.