Affected product
TanStack npm Package (supply chain)
Remediation Steps
- Audit all dependencies on TanStack npm package and identify affected versions in software bill of materials (SBOM)
- Update TanStack to patched version and rebuild all dependent applications
- Scan development environments and CI/CD pipelines for malware artifacts from Mini Shai-Hulud campaign
- Review employee device access logs for unauthorized activities corresponding to infection timeline
- Implement npm package integrity verification and code signing validation in supply chain
References
Coverage on defend.network
- Vulnerability Priority Report – Week 3 of May 2026 (May 18 – 24)
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.