CVE-2026-45321β€”TanStack Unspecified Vulnerability

PUBLISHEDvulnerability record
2026-05-27 Β· last modified May 28, 2026

Metadata

CVE ID:
CVE-2026-45321
Project:
TanStack
Product:
TanStack
Date Added:
2026-05-27
Due Date:
2026-06-10
Last Updated:
May 28, 2026

Vulnerability Name

TanStack Unspecified Vulnerability

Description

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes