Skip to main content

@beproduct/nestjs-auth CVE-2026-46412

CRITICAL
Embedded Malicious Code (CWE-506)
2026-05-19 https://github.com/BeProduct/beproduct-org-nestjs-auth GHSA-6xwp-cp5h-q856
10.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 20:46 vuln.today
Analysis Generated
May 19, 2026 - 20:46 vuln.today

DescriptionGitHub Advisory

Summary

Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of @beproduct/nestjs-auth (0.1.2 through 0.1.19). The packages contained payloads from the Mini Shai-Hulud npm supply-chain worm campaign described by Aikido Security.

npm Security removed the malicious versions from the registry shortly after publication, but anyone who ran npm install @beproduct/nestjs-auth resolving to any version in the affected range during that window executed the malicious postinstall script and is potentially compromised.

Version 0.1.20 is a clean republish from the original 0.1.1 source tree.

Impact

The postinstall payload attempted to harvest:

  • npm tokens (from ~/.npmrc)
  • GitHub personal access tokens, OAuth tokens (gho_*), and Actions OIDC tokens
  • AWS credentials (from environment variables and ~/.aws/credentials)
  • HashiCorp Vault tokens
  • Other secrets present in environment variables

Exfiltration target: https://filev2.getsession.org. The worm also wrote persistence artefacts (tanstack_runner.js, router_init.js, setup.mjs, plus IDE-hook configurations in .claude/ and .vscode/) into the developer's working tree where the malicious install ran.

Indicators of compromise

TypeValue
File name (payload)tanstack_runner.js, router_init.js, router_runtime.js
SHA-256 (tanstack_runner.js)2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
SHA-256 (router_init.js)ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
Exfil endpointfilev2.getsession.org
Cloud metadata probe169.254.169.254/latest/meta-data/iam/security-credentials/
npm token endpointregistry.npmjs.org/-/npm/v1/tokens
Vault probevault.svc.cluster.local:8200
IDE hook pattern.claude/settings.json SessionStart hook + .vscode/tasks.json runOn: "folderOpen" running node .claude/setup.mjs or node .vscode/setup.mjs

Mitigation

If you installed any version in the range >=0.1.2 <=0.1.19:

  1. Remove the package and clean the npm cache:
bash
   npm uninstall @beproduct/nestjs-auth
   npm cache clean --force
  1. Install the clean version:
bash
   npm install @beproduct/nestjs-auth@0.1.20
  1. Rotate every credential present in the install environment, including:
  • All npm publish tokens (https://www.npmjs.com/settings/<you>/tokens)
  • All GitHub PATs and OAuth tokens (https://github.com/settings/applications + https://github.com/settings/tokens)
  • AWS access keys
  • HashiCorp Vault tokens
  • Any other secret that was in env vars or config files at install time
  1. Scan affected hosts for the indicators of compromise above. If any are found, treat the host as compromised and reimage.
  2. Check committed repository history for unexpected additions in .claude/ or .vscode/ directories - the worm is known to commit setup.mjs + hook configs to PR branches via automated agent runtimes.

Timeline (UTC)

TimeEvent
2026-05-11 20:19:43First malicious version (0.1.2) published
2026-05-11 22:56:39Final malicious version (0.1.19) published - 18 versions in 2h37m
2026-05-12 ~14:12npm Security removes the malicious versions from the registry
2026-05-13BeProduct discovers the incident via Aikido's public disclosure
2026-05-14Compromised npm publish token revoked; BeProduct GitHub OAuth credentials rotated
2026-05-14Clean release 0.1.20 published; this advisory filed

Root cause

The compromised npm publish token was harvested by a Mini-Shai-Hulud-infected transitive dependency in an automated GitHub coding-agent runtime that had read access to the NPM_TOKEN GitHub Actions secret for an unrelated repository under the same npm publisher account. The publish itself was performed by the attacker against the public npm registry; the source repository for this package was not modified by the attacker.

References

  • https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised
  • https://www.aikido.dev/blog/checklist-github-actions

AnalysisAI

Supply-chain compromise of the npm package @beproduct/nestjs-auth (versions 0.1.2 through 0.1.19) delivered the Mini Shai-Hulud worm payload via a malicious postinstall script, harvesting npm, GitHub, AWS, and HashiCorp Vault credentials from any developer or CI host that ran npm install during a 2h37m publication window on 2026-05-11. Confirmed actively exploited during that window via an attacker-controlled npm publish token; clean version 0.1.20 republishes the original 0.1.1 source tree. CVSS 10.0 reflects the unauthenticated, network-driven supply-chain delivery and scope change into the install environment.

Technical ContextAI

The vulnerability is a malicious code insertion (CWE-506, Embedded Malicious Code) into a Node.js library distributed via the public npm registry under pkg:npm/@beproduct_nestjs-auth. The attack abuses npm's lifecycle hooks - specifically the postinstall script - which executes arbitrary Node.js code on the install host before the developer has loaded any of the package's API. The payload is part of the Mini Shai-Hulud worm family documented by Aikido Security, which probes the AWS instance metadata endpoint (169.254.169.254), the npm tokens API (registry.npmjs.org/-/npm/v1/tokens), and Vault cluster endpoints (vault.svc.cluster.local:8200), then exfiltrates to filev2.getsession.org. It also writes persistence artefacts (tanstack_runner.js, router_init.js, setup.mjs) and hooks into developer IDE configurations via .claude/settings.json SessionStart hooks and .vscode/tasks.json folderOpen tasks to re-execute on subsequent IDE sessions.

RemediationAI

Vendor-released patch: @beproduct/nestjs-auth 0.1.20 - uninstall any version in the affected range (npm uninstall @beproduct/nestjs-auth), purge the npm cache (npm cache clean --force), then install 0.1.20 explicitly. Treat any host that installed a malicious version as compromised: rotate every credential that was reachable from the install environment, including npm publish tokens at https://www.npmjs.com/settings/<you>/tokens, GitHub PATs and OAuth tokens at https://github.com/settings/tokens and https://github.com/settings/applications, AWS access keys (and revoke any IAM role credentials the EC2 metadata endpoint could have leaked), and HashiCorp Vault tokens. Scan filesystems and committed repository history for the IoC files tanstack_runner.js, router_init.js, router_runtime.js, setup.mjs, and unexpected additions under .claude/ or .vscode/ - the worm is known to commit these into PR branches via automated agent runtimes. If any IoCs are found, reimage rather than clean in place because IDE-hook persistence can re-execute on the next folder open. Compensating controls for environments that cannot immediately patch: pin lockfiles to 0.1.1 or 0.1.20, set npm install --ignore-scripts in CI to suppress postinstall execution (side effect: legitimate native-module builds may fail and need manual rebuild), and segregate publish tokens so a single compromised runtime cannot publish across the whole publisher namespace. See https://github.com/advisories/GHSA-6xwp-cp5h-q856 and https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Share

CVE-2026-46412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy