This vulnerability (CVE-2026-45321) arises from a sophisticated attack chain exploiting a pull_request_target misconfiguration, GitHub Actions cache poisoning, and runtime memory extraction of the OIDC token. These combined weaknesses allowed an attacker to publish malicious versions of @tanstack packages, including arktype-adapter versions 1.166.12 and 1.166.15, to the npm registry under a legitimate trusted publisher identity. The malicious code embedded in these packages is designed to steal credentials. The attack leverages the trusted GitHub Actions OIDC binding without modifying the publish workflow itself. The CVSS 3.1 score of 9.6 reflects critical severity with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and high impact on confidentiality, integrity, and availability.

The impact is critical as the malicious package versions can compromise user credentials, potentially leading to unauthorized access and further compromise of systems relying on these packages. The integrity of the npm packages is undermined due to the trusted identity used to publish the malware. This affects all users who installed the affected versions 1.166.12 and 1.166.15 of the arktype-adapter package. No known exploits in the wild have been reported yet, but the potential for credential theft and subsequent attacks is significant.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should avoid using the affected versions 1.166.12 and 1.166.15 of the @tanstack arktype-adapter package. Consider reverting to earlier known-good versions or monitoring for vendor updates. Review your supply chain security practices, especially around GitHub Actions workflows and OIDC token handling, to prevent similar attacks. No vendor advisory or official patch information is currently available.