← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-45321 — Actively Exploited: TanStack (TanStack)

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

CVE IDCVE-2026-45321
VendorTanStack
ProductTanStack
Vulnerability nameTanStack Unspecified Vulnerability
Date added2026-05-27
Remediation due2026-06-10
Known ransomware useKnown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionTanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →