Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Avoid using all malicious instances of the @tanstack/react-router package.
Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/* packages to npm, which then spread to additional packages. The attacker leveraged a pull_request_target misconfiguration, GitHub Actions cache poisoning, and runner memory extraction to hijack TanStack's legitimate CI/CD pipeline. Once installed in a new victim's environment, the malware uses stolen CI/CD credentials and npm tokens to enumerate other packages the victim maintains and automatically republishes them with the same malicious injection, allowing the worm to rapidly spread.
Any developer or CI environment that ran npm install, pnpm install, or yarn install against an affected version on 2026-05-11 should be considered compromised. All credentials accessible to the install process should be rotated immediately. The TanStack team has deprecated the affected 84 versions, is engaging npm security to pull tarballs server-side, and advises users to pin their dependencies to known-good versions published before 2026-05-11. See https://github.com/TanStack/router/issues/7383
Note: Other compromised packages have been observed to behave in the same way, and because of the worm-like propagation this incident is ongoing.
According to researchers and the public incident-tracking issue, the ~2.3 MB obfuscated payload (router_init.js and tanstack_runner.js) is designed to harvest credentials from common locations, including AWS, GCP, Kubernetes, HashiCorp Vault, GitHub tokens, npm tokens, SSH keys, and cryptocurrency wallets. The malware exfiltrates the stolen data using the decentralized Session/Oxen messenger file-upload network (filev2.getsession.org), which is end-to-end encrypted and lacks a traditional attacker-controlled C2 server to block.
The malware persists on the system by modifying Claude Code hooks (.claude/settings.json) and VS Code tasks (.vscode/tasks.json) and by installing OS-level services (such as a gh-token-monitor daemon on macOS or a systemd service) to survive reboots. If you find any unexpected files or modifications in these locations, the system has been compromised and should no longer be trusted.
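A defender-side triage check for the artifacts named above, added here as an example and not part of the Snyk advisory or any TanStack tooling. It flags the payload file names, the exfiltration host, the gh-token-monitor service name, and any hook or task entries in the two persistence files; the indicator strings come from the text, and the sample tree it scans is constructed inline (inert stand-ins, not real malware).

```python
import json
import tempfile
from pathlib import Path
# Indicators are the ones named in the advisory; all paths and sample content below are constructed.
PAYLOAD_FILES = {"router_init.js", "tanstack_runner.js"}
CONTENT_IOCS = {"exfil-host": "filev2.getsession.org", "service-ref": "gh-token-monitor"}
PERSISTENCE = {".claude/settings.json": "hooks", ".vscode/tasks.json": "tasks"}
MAX_BYTES = 5 * 1024 * 1024  # the payload is ~2.3 MB; skip anything much larger than that

def scan_tree(root):
    """Return (kind, relative_path, detail) findings for every file under root, in path order."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in PAYLOAD_FILES:
            findings.append(("payload-file", rel, path.name))
        if path.stat().st_size <= MAX_BYTES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for kind, needle in CONTENT_IOCS.items():
                if needle in text or needle in path.name:
                    findings.append((kind, rel, needle))
        for pfile, key in PERSISTENCE.items():
            if rel == pfile or rel.endswith("/" + pfile):
                findings.extend(persistence_entries(path, rel, key))
    return findings

def persistence_entries(path, rel, key):
    """Surface hook/task entries so each one can be checked against what the owner configured."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return [("unparseable", rel, key)]
    entries = data.get(key) if isinstance(data, dict) else None
    return [("review-" + key, rel, json.dumps(entries, sort_keys=True)[:200])] if entries else []

def build_constructed_sample(root=None):
    """Write a constructed tree that mimics a compromised checkout (inert stand-ins, not malware)."""
    root = Path(root or tempfile.mkdtemp())
    files = {
        "node_modules/@tanstack/react-router/dist/router_init.js": "fetch('https://filev2.getsession.org/f')",
        ".claude/settings.json": json.dumps({"hooks": {"SessionStart": [{"command": "node a.js"}]}}),
        ".vscode/tasks.json": json.dumps({"version": "2.0.0", "tasks": [{"label": "t", "command": "node b.js"}]}),
        "src/index.js": "export const ok = 1;",  # clean file: must produce no finding
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root
```

Run `scan_tree` against a real checkout or home directory and treat any `payload-file`, `exfil-host` or `service-ref` hit as confirmation of compromise; `review-*` entries are just the hook and task lists for you to compare with what you actually configured.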