Last updated: July 5, 2026 at 9:01 AM UTC
Tag: tanstack (3 articles)

CISA adds three to KEV: TanStack CVE-2026-45321 and Nx Console CVE-2026-48027 (TeamPCP) plus Daemon Tools Lite CVE-2026-8398

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog based on active-exploitation evidence. Two formally recognize the TeamPCP supply-chain wave that dominated mid-May: CVE-2026-45321 (TanStack) and CVE-2026-48027 (Nx Console embedded malicious code), the latter tied to the trojanized VS Code extension that led to GitHub's own 3,800-repo internal breach. The third, CVE-2026-8398, is an embedded-malicious-code flaw in the Daemon Tools Lite disc-imaging utility. FCEB agencies must remediate all three by the BOD 22-01 deadline; CISA urges all organizations to prioritize them. The additions confirm the supply-chain compromises moved from disclosure to documented in-the-wild exploitation.

Check
Confirm TanStack (CVE-2026-45321) and Nx Console (CVE-2026-48027) remediation from the mid-May supply-chain wave is complete. Inventory Daemon Tools Lite installs for CVE-2026-8398.
Affected
Organizations exposed to the TeamPCP supply-chain compromises (TanStack, Nx Console) and any endpoint running a vulnerable Daemon Tools Lite disc-imaging build. Federal agencies bound by BOD 22-01.
Fix
Remediate all three by CISA's KEV deadline. Verify Nx Console is 18.100.0+ and TanStack dependencies are clean. Remove or update Daemon Tools Lite. Rotate credentials from the supply-chain incidents.

Grafana confirms its GitHub breach started with the TanStack npm supply-chain attack (TeamPCP)

Grafana Labs has confirmed that its previously disclosed GitHub breach started with the TanStack npm supply-chain attack run by TeamPCP, the same one that hit OpenAI and Mistral AI. Grafana detected the activity on May 11, rotated a significant number of GitHub workflow tokens, but one token slipped through and the attacker used it to pull Grafana's codebase. The downstream extortion attempt under the CoinbaseCartel banner came on May 16 and Grafana refused to pay, citing FBI guidance. The incident chains TeamPCP's TanStack OIDC-token theft into a directly observable secondary breach at a major observability vendor.

Check
If you maintained or rebuilt Grafana forks since May 11, or used Grafana Labs GitHub Actions, audit CI logs and outbound traffic against TanStack-attack IoCs published by Wiz and Snyk.
Affected
Grafana Labs (codebase, already public). New attribution links the breach to the TanStack supply-chain attack. No direct customer or Grafana Cloud impact reported.
Fix
Adopt OIDC trusted publishing. Treat GitHub Actions workflow tokens as short-lived and rotate aggressively. Seed canary tokens in private repos - Grafana detected this breach via a canary trigger.

TeamPCP supply-chain worm 'Mini Shai-Hulud' hits TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI - 170 packages, 401 malicious versions, 518 million weekly downloads (CVE-2026-45321)

TeamPCP launched its largest supply-chain attack to date on May 11, compromising 170+ npm and PyPI packages with 518 million combined weekly downloads. The attackers chained three GitHub Actions vulnerabilities to publish 401 malicious versions carrying valid SLSA Build Level 3 attestations - cryptographically indistinguishable from legitimate releases. Affected packages include TanStack, Mistral AI (npm and PyPI), UiPath, OpenSearch, and Guardrails AI. The worm installs a persistent gh-token-monitor daemon that triggers 'rm -rf ~/' if tokens get revoked, and includes a probabilistic full-disk-wipe routine for Israeli and Iranian locales.

Check
Audit lockfiles for @tanstack/* (84 affected versions), @uipath/* (66 versions), @mistralai/*, opensearch-project/opensearch 3.5.3-3.8.0, guardrails-ai 0.10.1, mistralai 2.4.6.
Affected
Any Node.js or Python environment that installed compromised packages between May 11 and registry takedown. CI/CD pipelines, developer workstations, AI/ML environments. Crypto wallets and password managers (1Password, Bitwarden) are primary exfil targets.
Fix
Remove gh-token-monitor daemon BEFORE revoking tokens (~/Library/LaunchAgents macOS, ~/.config/systemd/user/ Linux) - removal first prevents triggering the wipe. Pin lockfiles to clean versions. Rotate all npm tokens, GitHub PATs, cloud credentials, and crypto wallet seeds.
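The audit and cleanup steps above, as an added example (not code from the advisory or the affected projects): it scans an npm lockfile and pinned Python requirements for the package names and versions the advisory lists, and locates gh-token-monitor daemon files in the LaunchAgents / systemd user directories so they can be removed before any token is revoked. The `_ver` helper and the sample inputs are constructed for illustration; the @tanstack, @uipath and @mistralai version lists are not on the page, so every installed version of those scopes is flagged for review.

```python
import re
from pathlib import Path

# Indicators taken from the advisory text. Per-version lists for the scoped
# packages are not given, so any installed version of those scopes is reported.
SUSPECT_NPM_SCOPES = ("@tanstack/", "@uipath/", "@mistralai/")
OPENSEARCH_BAD_RANGE = ((3, 5, 3), (3, 8, 0))          # inclusive, per advisory
BAD_PYPI = {"guardrails-ai": "0.10.1", "mistralai": "2.4.6"}
DAEMON_MARKER = "gh-token-monitor"
DAEMON_DIRS = ("Library/LaunchAgents", ".config/systemd/user")  # macOS, Linux

def _ver(s: str) -> tuple:  # minimal numeric parse; pre-release tags ignored
    return tuple(int(p) for p in re.findall(r"\d+", s)[:3])

def audit_npm_lock(lock: dict) -> list:
    """Return (name, version) pairs from a lockfile v2/v3 'packages' map to review."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        name, ver = path.split("node_modules/")[-1], meta.get("version", "")
        in_range = OPENSEARCH_BAD_RANGE[0] <= _ver(ver) <= OPENSEARCH_BAD_RANGE[1]
        if name.startswith(SUSPECT_NPM_SCOPES) or \
           (name.endswith("opensearch-project/opensearch") and in_range):
            hits.append((name, ver))
    return hits

def audit_requirements(lines: list) -> list:
    """Return (name, version) pairs from pinned 'name==version' lines that match."""
    hits = []
    for line in lines:
        m = re.match(r"\s*([A-Za-z0-9_.-]+)==([\w.]+)", line)
        if m and BAD_PYPI.get(m.group(1).lower()) == m.group(2):
            hits.append((m.group(1).lower(), m.group(2)))
    return hits

def find_daemon_artifacts(home: str) -> list:
    """List LaunchAgent/systemd-user files naming the daemon; remove these first."""
    found = []
    for rel in DAEMON_DIRS:
        d = Path(home) / rel
        if d.is_dir():
            found += [str(p) for p in d.iterdir() if DAEMON_MARKER in p.name]
    return found

# Constructed sample inputs (not real project data) so the script runs offline.
SAMPLE_LOCK = {"packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/@tanstack/query-core": {"version": "5.0.0"},
    "node_modules/@opensearch-project/opensearch": {"version": "3.6.1"},
    "node_modules/react": {"version": "18.3.1"}}}
SAMPLE_REQS = ["guardrails-ai==0.10.1", "mistralai==2.4.5", "requests==2.32.3"]
```

Run `find_daemon_artifacts(str(Path.home()))` on each developer workstation and CI runner before starting token rotation; an empty result is not proof of absence if the daemon was installed under a different file name.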