TanStack CVE-2026-45321 Added to CISA KEV Under Active Ransomware Exploitation

Key findings
- CISA added CVE-2026-45321 to the KEV catalog on May 27, 2026
- The TanStack vulnerability is confirmed actively exploited in the wild
- Exploitation is linked to ransomware campaigns
- Federal agencies must remediate per BOD 22-01 deadlines
- Organizations should patch immediately and review backup integrity
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-45321 to its Known Exploited Vulnerabilities (KEV) catalog on May 27, 2026. The flaw affects a TanStack product and has been confirmed as actively exploited in the wild, with evidence linking it to ransomware operations.
CVE-2026-45321 is the sole TanStack vulnerability added in this batch. While technical details remain limited in the public advisory, the KEV entry confirms that threat actors are leveraging the vulnerability to gain initial access or escalate privileges as part of ransomware attack chains. The ransomware flag marks this as a high-priority concern for organizations running affected TanStack libraries or products in their environments.
The addition to the KEV catalog triggers Binding Operational Directive (BOD) 22-01, which mandates that U.S. federal civilian executive branch agencies remediate the vulnerability within a prescribed timeline — typically 21 days for newly added entries. Private-sector organizations and critical infrastructure operators are strongly urged to follow the same remediation cadence.
Security teams should immediately inventory their TanStack deployments, apply available patches or mitigations, and monitor for indicators of compromise associated with CVE-2026-45321. Given the ransomware association, defenders should also review backup integrity and access controls as a precautionary measure.
Organizations using TanStack Query, TanStack Table, TanStack Router, or other TanStack libraries should consult the vendor's security advisory for specific affected versions and patch guidance. Until remediation is complete, compensating controls such as network segmentation and strict input validation should be considered.
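The inventory step described above can start from the npm lockfile, which records every direct and transitive `@tanstack/*` package with its exact resolved version. The following is an added example, not code from CISA or the TanStack project. The function name `inventoryTanStack` and the sample lockfile (including its version numbers) are constructed for illustration. It handles both the `packages` layout (lockfileVersion 2/3) and the nested `dependencies` layout (lockfileVersion 1).

```javascript
// Added example: list every @tanstack/* package pinned in an npm lockfile,
// including copies nested under other dependencies.
const SCOPE = "@tanstack/";
const NM = "node_modules/";

function inventoryTanStack(lockText) {
  const lock = JSON.parse(lockText);
  const found = new Map(); // "name@version" -> { name, version, paths }

  const record = (name, version, where) => {
    if (!name.startsWith(SCOPE) || !version) return; // links carry no version
    const key = `${name}@${version}`;
    if (!found.has(key)) found.set(key, { name, version, paths: [] });
    found.get(key).paths.push(where);
  };

  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths, "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf(NM);
      if (idx === -1) continue;
      // meta.name is present when the install path is an alias.
      record(meta.name || path.slice(idx + NM.length), meta.version, path);
    }
  } else {
    // lockfileVersion 1: recursive "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = `${trail}/${name}`;
        record(name, meta.version, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return [...found.keys()].sort().map((k) => found.get(k));
}

// Constructed sample lockfile; versions are placeholders, not affected versions.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "1.2.3" },
    "node_modules/@tanstack/query-core": { version: "1.2.3" },
    "node_modules/some-widget/node_modules/@tanstack/query-core": { version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
});
for (const p of inventoryTanStack(SAMPLE_LOCK)) console.log(`${p.name}@${p.version}  ${p.paths.join(", ")}`);
```

To run it against a real project, pass the text of `package-lock.json` (for example from `fs.readFileSync`) and compare the listed versions with the affected ranges in the vendor's advisory.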