@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +506 more potentially affected by unknown CVE via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.0.1, =0.0.1, =1.0.1, =1.87.15, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3473...

MAL-2026-3473 Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +506 more potentially affected by CVE-2026-45321 via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.0.1, =0.0.1, =1.0.1, =1.87.15, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERCORE-16640218...