CVE-2026-45321 - Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
CVE ID :CVE-2026-45321 Published : May 12, 2026, 1:16 a.m. | 1 hour, 49 minutes ago Description :On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimat
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Adaptive deterrence urged to counter India’s hostile posture
- [CYBER] CVE-2026-40137 - Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
- [CYBER] CVE-2026-40136 - Denial of service (DoS) in SAP Financial Consolidation
- [CYBER] CVE-2026-40135 - OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
- [CYBER] CVE-2026-40134 - Missing Authorization Check in SAP Incentive and Commission Management
- [CYBER] CVE-2026-40133 - Missing Authorization check in SAP S/4HANA Condition Maintenance