Zapier Exploit Chain Grants Unauthorized NPM Access
Severity: Medium (Score: 57.6)
Sources: Feeds2.Feedburner, www.token.security
Keywords: zapier, chain, token, security, exploit, five-stage, packages
Summary
Researchers at Token Security disclosed a five-stage exploit chain that allowed a free Zapier account to gain write access to both public and internal NPM packages. Each stage of the chain exploited known anti-patterns, culminating in a significant security vulnerability. The attack vector involved a sandbox escape within Zapier's Code by Zapier feature, which executes user-supplied Python and JavaScript in AWS Lambda containers. The vulnerability was reported on February 12, 2026, and was triaged by Zapier within four days, leading to the revocation of a leaked NPM token and tightening of AWS roles. The incident highlights the risks associated with supply chain vulnerabilities in widely used developer tools. No specific CVEs were disclosed in the articles. The current status indicates that the vulnerability has been addressed by Zapier.

Key Points:
- A five-stage exploit chain allowed unauthorized access to Zapier's NPM packages.
- The vulnerability was based on known anti-patterns and involved a sandbox escape.
- Zapier responded quickly, revoking a leaked NPM token and tightening security measures.
Detailed Analysis
**Impact**

The exploit chain affected Zapier's NPM packages, including public developer SDKs and internal packages loaded in every authenticated zapier.com session. It granted unauthorized write access to all Zapier-published NPM packages, potentially impacting all users and integrations relying on these packages globally. The compromise could lead to supply chain attacks affecting numerous sectors using Zapier's automation services.

**Technical Details**

The attack leveraged a five-stage exploit chain starting with a sandbox escape in Zapier's Code by Zapier feature, which runs user-supplied Python and JavaScript inside AWS Lambda containers. Each stage exploited known anti-patterns, culminating in unauthorized write access to Zapier's NPM packages. No specific CVEs or malware names were provided. The chain was demonstrated end-to-end up to stage 4; stage 5 was identified but not executed. The compromised AWS role and leaked NPM token were key infrastructure elements.

**Recommended Response**

Revoke and rotate any leaked NPM tokens and AWS roles immediately. Harden AWS Lambda execution roles and review sandbox configurations to prevent code escape. Deploy detections for unusual write operations to NPM packages and monitor for unauthorized package updates. Patch or reconfigure any identified anti-patterns in the Code by Zapier feature. Further details on IOCs were not provided.
Source articles (2)
- Zapier exploit chain shows how known anti — Feeds2.Feedburner · 2026-05-28
  A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier's public developer SDK packages and on internal packages that load in every…
- Token Security's website — www.token.security · 2026-05-28
  Zapier's Code by Zapier feature runs user-supplied Python and JavaScript inside AWS Lambda containers. A five-stage chain — starting from a straightforward sandbox escape and ending in a supply chain…
Timeline
- 2026-02-12 — Exploit chain reported to Zapier: Token Security disclosed a five-stage exploit chain that compromised Zapier's NPM packages.
- 2026-02-16 — Zapier triages the report: Zapier acknowledged the report within four days and began remediation efforts.
- 2026-05-28 — Public disclosure of exploit chain: Token Security published details of the exploit chain and its implications for Zapier's security.
Related entities
- Supply Chain Attack (Attack Type)
- Token Security (Company)
- Zapier (Company)
- AWS (Company)
- zapier.com (Domain)
- T1195 - Supply Chain Compromise (Mitre Attack)
- Npm (Tool)