๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-45321: TanStack Unspecified Vulnerability
Summary
TanStack contains a vulnerability that allowed attackers to publish malicious versions of the software to npm (a package repository where developers download code libraries) under the trusted TanStack identity, potentially distributing credential-stealing malware (software that steals login information). This vulnerability is currently being actively exploited by attackers.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
May 26, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45321
First tracked: May 27, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 75%