Package impact
NPM / @tanstack/react-start
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45321 | critical | 9.6 | 10.0 | 16d ago | Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys |
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45321 | critical | 9.6 | 10.0 | 16d ago | Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys |