VIR Vulnerability Intelligence Relay

Package impact

npm npm / @tanstack/react-start-server

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45321 critical 9.6 10.0 17d ago TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.