{"data":{"id":"b11408fb-e8d8-42d2-9d99-b3b1b84bad97","title":"CVE-2026-45321: TanStack Unspecified Vulnerability","summary":"TanStack contains a vulnerability that allowed attackers to publish malicious versions of the software to npm (a package repository where developers download code libraries) under the trusted TanStack identity, potentially distributing credential-stealing malware (software that steals login information). This vulnerability is currently being actively exploited by attackers.","solution":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45321","publishedAt":"2026-05-27T00:00:00.000Z","cveId":"CVE-2026-45321","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TanStack"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"active","epssScore":0.00027,"patchAvailable":true,"disclosureDate":"2026-05-27T00:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":["AML.T0010"]}}