Free practical cybersecurity guidance for organisations without a security team.

Critical Security Issue Found in TanStack Software Packages

A serious security problem was found in many TanStack software packages used in web development. Attackers managed to publish harmful versions of these packages that can steal credentials, posing a risk to organisations using them. This issue is actively being exploited, so urgent action is needed.

27 May 2026

Reference: CVE-2026-45321

1. What is being reported?

Between 19:20 and 19:26 UTC on 11 May 2026, attackers published 84 malicious versions across 42 TanStack software packages on the npm registry. They used a complex attack involving trusted publishing processes and software vulnerabilities to insert malware that can steal login details. The malicious versions were published under legitimate TanStack identities, making detection harder.

2. What this means in plain English

If your organisation uses any TanStack packages, especially for routing or AI features in your web applications, there is a risk that these harmful versions could have been installed, potentially exposing sensitive information like passwords. This could lead to data breaches or unauthorised access to your systems.

3. Could this affect a small business?

Small businesses that use TanStack packages in their websites or applications could be affected if they installed the malicious versions. Businesses that do not use TanStack software, or that rely on external providers to manage their web applications, are less likely to be impacted. It is important to check with your IT support.

4. What to do now

  • Contact your IT provider or software supplier immediately to check if you use any TanStack packages and whether you have installed affected versions.
  • Apply any security updates or mitigations recommended by TanStack or your IT provider without delay.
  • If no fix or mitigation is available, consider discontinuing use of the affected TanStack packages until it is safe.
  • Follow general cloud service security guidance, such as that in BOD 22-01, to reduce risks from compromised software.

5. Ask your IT provider

Can you confirm whether our systems use TanStack packages, and if so, have we installed any of the malicious versions identified in CVE-2026-45321? What steps are being taken to protect us?
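
For the IT provider answering that question, the following is an added example (not code from TanStack, npm or the original brief) that lists every @tanstack/* package pinned in a project's package-lock.json and flags versions on an advisory list. It assumes lockfileVersion 2 or 3; the function names, the LOCKFILE environment variable and all sample package names and versions are constructed placeholders, because this brief does not list the affected versions.

```javascript
// Added example (not TanStack or npm code): list @tanstack/* entries in a
// package-lock.json (lockfileVersion 2 or 3) and flag advisory-listed versions.

// "node_modules/a/node_modules/@tanstack/x" -> "@tanstack/x"; null for the
// root ("") and workspace entries, which have no node_modules segment.
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// badVersions: { packageName: [versions] } copied from the vendor advisory.
// Returns one record per installed copy, including nested (transitive) copies.
function findTanstack(lock, badVersions = {}) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromKey(path);
    if (!name || !name.startsWith("@tanstack/") || !meta.version) continue;
    const flagged = (badVersions[name] || []).includes(meta.version);
    hits.push({ name, version: meta.version, path, flagged });
  }
  return hits;
}

// Constructed sample data: package names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/example-router": { version: "0.0.0-placeholder" },
    "node_modules/@tanstack/example-query": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/@tanstack/example-router": { version: "1.2.3" },
    "node_modules/react": { version: "18.3.1" },
  },
};
const SAMPLE_BAD = { "@tanstack/example-router": ["0.0.0-placeholder"] };

// Set LOCKFILE=/path/to/package-lock.json to scan a real project (Node, CommonJS).
let lock = SAMPLE_LOCK;
if (typeof require !== "undefined" && process.env.LOCKFILE) {
  lock = JSON.parse(require("fs").readFileSync(process.env.LOCKFILE, "utf8"));
}
for (const h of findTanstack(lock, SAMPLE_BAD)) {
  console.log(`${h.flagged ? "AFFECTED" : "present "}  ${h.name}@${h.version}  (${h.path})`);
}
```

Replace SAMPLE_BAD with the package names and versions given in the TanStack advisory before relying on the AFFECTED flag; entries marked "present" still show where TanStack packages are in use.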

6. Bottom line

If you use TanStack software, act quickly to check and update it to avoid serious security risks.

Information based on CISA KEV, NVD, and reputable security reporting.
