TanStack Supply Chain Attack Security Advisory (CVE-2026-45321)

TanStack has released a security update to address a supply-chain attack (compromised distribution path) issue in its products. The issue has been identified as CVE-2026-45321.

  • Multiple @tanstack/* packages are affected.
  • Examples include the @tanstack/react-router, @tanstack/solid-router, @tanstack/vue-router, and @tanstack/start families, as well as various devtools, adapter, and plugin packages.
  • Vulnerable versions of these packages were listed along with their fixes.
  • A TanStack npm supply-chain compromise postmortem and a GitHub security advisory were provided on the reference site.

According to the advisory, users should update the affected packages to the latest version that includes the vulnerability patch. The reference site explained that the attack leaks cloud credentials, GitHub tokens, and SSH keys.
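
To decide what to update, it helps to inventory every @tanstack/* install a project's lockfile records, including copies pulled in transitively. The following is an added example, not code from TanStack or the advisory: the function name, the sample lockfile and every version string in it are constructed placeholders, and the affected-version map must be filled in from the advisory's own list. It assumes the npm lockfileVersion 2/3 layout (a top-level "packages" map).

```javascript
// Added example, not TanStack's code. All version strings are constructed placeholders.
const AFFECTED = {            // hypothetical map: fill in from the advisory's version list
  "@tanstack/react-router": ["0.0.1-placeholder"],
  "@tanstack/start": ["0.0.2-placeholder"],
};

const SAMPLE_LOCK = {         // constructed lockfile in the npm lockfileVersion 2/3 layout
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/react-router": { version: "0.0.1-placeholder" },
    "node_modules/@tanstack/vue-router": { version: "0.0.9-placeholder" },
    "node_modules/example-lib": { version: "1.0.0" },
    // transitive copy nested under another dependency
    "node_modules/example-lib/node_modules/@tanstack/start": { version: "0.0.2-placeholder" },
  },
};

const MARK = "node_modules/";

// Return every @tanstack/* install recorded in the lockfile, direct or nested,
// flagging those whose exact version appears in the affected map.
function findTanstack(lock, affected) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(MARK);
    if (idx === -1) continue;                     // root project or workspace entry
    const name = path.slice(idx + MARK.length);   // name follows the last node_modules/
    if (!name.startsWith("@tanstack/")) continue;
    const version = meta.version || "unknown";
    const listed = (affected[name] || []).includes(version);
    hits.push({ name, version, path, affected: listed });
  }
  // Plain code-unit ordering keeps the report deterministic across locales.
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

const report = findTanstack(SAMPLE_LOCK, AFFECTED);
for (const h of report) {
  console.log(`${h.affected ? "AFFECTED" : "review  "} ${h.name}@${h.version} (${h.path})`);
}
```

Entries reported as "review" are @tanstack/* packages whose version is not in the map; they still need checking against the advisory, since the map here is only a placeholder.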