Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attacker needs no privileges on the victim system (PR:N, AV:N), but developer must invoke pnpm in a malicious repository (UI:R); only the npm token is exposed, so C:H with no integrity or availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0.
AnalysisAI
Credential leakage in pnpm package manager versions prior to 10.34.0 and 11.4.0 exposes a developer's unscoped npm authentication token to attacker-controlled registries. When a project-level .npmrc overrides the registry URL without supplying its own auth token, pnpm incorrectly inherits and forwards the user's globally-configured unscoped _authToken to that foreign registry as an Authorization header. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three conditions must be simultaneously true for exploitation: (1) the victim developer has an unscoped _authToken stored in their user-level npm configuration (e.g., ~/.npmrc contains a bare _authToken= line not scoped to a specific registry host); (2) the attacker can get the developer to execute pnpm metadata fetch or install commands inside a repository whose project-level .npmrc sets registry= to an attacker-controlled URL; and (3) that project .npmrc does not supply its own auth token for the redirected registry, which triggers the fallback to the user's global unscoped credential. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N) scores 6.9, reflecting high confidentiality impact against a network-accessible attack path, tempered by the UI:A requirement - the developer must actively invoke pnpm in a malicious repository. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sets up a server acting as a fake npm registry and publishes or contributes a repository whose .npmrc contains registry=https://attacker-controlled-registry.example.com with no associated auth line. When a developer who has an unscoped _authToken in their ~/.npmrc clones the repository and runs pnpm install, pnpm resolves the attacker's registry as the target and forwards the developer's token in the Authorization header. … |
| Remediation | Upgrade pnpm to version 10.34.0 or later (v10 branch) or 11.4.0 or later (v11 branch), as confirmed by vendor advisory GHSA-cjhr-43r9-cfmw at https://github.com/pnpm/pnpm/security/advisories/GHSA-cjhr-43r9-cfmw. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39495
GHSA-cjhr-43r9-cfmw