Snyk: TanStack Supply Chain Attack: OIDC Token Theft Explained

Name: Snyk: TanStack Supply Chain Attack: OIDC Token Theft Explained
Uploaded: 2026-06-18T17:42:21-04:00
Duration: 1 min 45 s
Description: TL;DR On May 11, 2026, attackers compromised 84 malicious npm package versions across 42 TanStack packages by hijacking the legitimate release pipeline rather than stealing credentials. The attack exploited three chained vulnerabilities: GitHub Actions...

Snyk

06/18/2026

0 (0%)

Report Like Favorite

TL;DR

On May 11, 2026, attackers compromised 84 malicious npm package versions across 42 TanStack packages by hijacking the legitimate release pipeline rather than stealing credentials.
The attack exploited three chained vulnerabilities: GitHub Actions workflow misconfiguration, cache poisoning, and OIDC token extraction from runner memory to publish with TanStack's trusted identity.
Malicious packages shipped with valid SLSA build level 3 provenance attestations, demonstrating that cryptographic certificates alone cannot prevent sophisticated supply chain attacks when the pipeline itself is compromised.

Summary

This briefing examines a sophisticated supply chain attack that compromised 84 malicious npm package versions across 42 TanStack packages on May 11, 2026. Unlike traditional credential theft attacks, this incident exploited GitHub Actions workflows to hijack TanStack's legitimate release pipeline mid-execution. The attacker published malicious packages using TanStack's own trusted identity, complete with valid SLSA build level 3 provenance attestations—cryptographic certificates designed to verify package integrity. The attack chained three distinct vulnerabilities: a Pwn request exploiting GitHub Actions workflow misconfiguration, GitHub Actions cache poisoning executed eight hours before the release workflow, and OIDC token extraction from runner process memory. Within hours, the attack self-propagated to Mistral AI, UiPath, and dozens of other npm namespaces, ultimately affecting over 170 packages. This incident represents wave four of the ShyHalut campaign attributed to TeamPCP, the same threat group linked to the Bitwarden CLI compromise in April 2026 and the Aqua Security TriviScanner attack in March 2026.

Chapters

0:00 - Attack Overview
0:17 - Pipeline Hijacking Method
0:46 - Three-Vulnerability Chain
1:17 - Propagation and Attribution

Key Quotes

0:17 "Here's what makes this attack different from every supply chain attack before it."
0:21 "The attacker did not steal tanstack's credentials. They hijacked the tanstack's legitimate release pipeline mid-workflow and published using tanstack's own trusted identity."
0:37 "That's a mouthful, but it's the cryptographic certificates that are supposed to help ensure a package is safe. In this case, those certificates were legitimate. The pipeline was not."

FAQ

How did this attack differ from typical supply chain compromises?

Instead of stealing credentials, the attacker hijacked TanStack's legitimate release pipeline mid-workflow and published malicious packages using the project's own trusted identity, complete with valid cryptographic certificates that are supposed to verify package safety.

What are the three vulnerabilities that were chained together in this attack?

The attack exploited a Pwn request targeting GitHub Actions workflow misconfiguration, GitHub Actions cache poisoning executed eight hours before the release workflow ran, and OIDC token extraction from runner process memory to steal authentication tokens before the legitimate publish step.

Categories:

» Cybersecurity » Application Security
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/23/2026

01:00 PM

06/23/2026

The AI-Powered VMware Alternative

https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
06/24/2026

11:00 AM

06/24/2026

LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Mastering Active Directory Certificate Services for Long-Term Success

https://www.truthinit.com/index.php/channel/2018/mastering-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

How to Prevent Your AI from Taking Control of You

https://www.truthinit.com/index.php/channel/2021/how-to-prevent-your-ai-from-taking-control-of-you/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/07/2026

01:00 PM

07/07/2026

A Comprehensive Demonstration of DLP Solutions and Strategies

https://www.truthinit.com/index.php/channel/2030/a-comprehensive-demonstration-of-dlp-solutions-and-strategies/
07/09/2026

01:00 PM

07/09/2026

Agentic Trust in Practice: Enhancing the Human Experience

https://www.truthinit.com/index.php/channel/2026/agentic-trust-in-practice-enhancing-the-human-experience/
07/14/2026

11:00 AM

07/14/2026

Discover the Latest Innovations in Netwrix 1Secure During This Technical Session

https://www.truthinit.com/index.php/channel/2014/discover-the-latest-innovations-in-netwrix-1secure-during-this-technical-session/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers Revealed at the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-revealed-at-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Insights and Strategies for Effective Data Privacy and Protection Practices

https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection-practices/
07/28/2026

01:00 PM

07/28/2026

Illumio: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/