A vulnerability was detected in Tanstack DB up to 0.6.8. The function select of the file src/query/compiler/select.ts of the component Alias Path Handler can be manipulated to improperly control modification of object prototype attributes. The attack may be launched remotely. A patch is identified as ac09b1177a100eafa85cba3cd09dd1f53f933ded. Users of Tanstack DB up to version 0.6.8 should apply the patch [truncated]
A critical-severity vulnerability in TanStack has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog with confirmed known ransomware campaign use. The vulnerability is currently unspecified in publicly available details. CISA has established a remediation due date of June 10, 2026. Organizations should prioritize mitigation efforts in accordance with vendor guidance and applicable Binding [truncated]