Skip to main content

pnpm CVE-2026-55487

| EUVDEUVD-2026-39481 HIGH
Origin Validation Error (CWE-346)
2026-06-25 GitHub_M GHSA-5wx6-mg75-v57r
8.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (GitHub_M) PRIMARY
HIGH
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-delivered dependency, no attacker privileges, but a victim must approve a build (UI:R); successful lifecycle execution yields total host compromise so C/I/A all High.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Source Code Evidence Fetched
Jun 29, 2026 - 21:33 vuln.today
Analysis Updated
Jun 29, 2026 - 21:33 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 29, 2026 - 21:32 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 29, 2026 - 21:22 vuln.today
cvss_changed
CVSS changed
Jun 29, 2026 - 21:22 NVD
7.5 (HIGH) 8.8 (HIGH)
Patch available
Jun 25, 2026 - 19:17 EUVD
Analysis Generated
Jun 25, 2026 - 18:15 vuln.today

DescriptionNVD

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

AnalysisAI

Build-script approval bypass in the pnpm package manager (versions before 10.34.2, and 11.0.0 through 11.5.2) lets an attacker-controlled dependency source run lifecycle scripts that a user only approved for a different, legitimate source. The generic peer-suffix normalizer stripped parenthesized text from opaque locators (git, URL, tarball, file), so two distinct sources could normalize to the same allowBuilds key - meaning approval of foo@https://host/pkg.tgz also authorized foo@https://host/pkg.tgz(evil). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Inject colliding opaque dependency locator
Delivery
Victim approves legitimate source build
Exploit
Locator normalizes to approved key
Execution
Bypass allowBuilds policy
Persist
Run attacker lifecycle scripts
Impact
Code execution in dev/CI

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) the project to use pnpm with build-script approval (allowBuilds / onlyBuiltDependencies) and a prior user approval of a legitimate OPAQUE-locator source - git, URL, tarball, file, or directory; registry-package identities are NOT affected because they legitimately normalize peer suffixes and retain patch hashes; and (2) the attacker to introduce a second source whose locator normalizes to the same key as the approved one (one of three forms: a parenthesized suffix like (evil), a final-@ semver tail misclassified as a registry package, or a semver-looking source-only tail). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 8.8) and SSVC (Exploitation: poc, Automatable: no, Technical Impact: total) align on a serious flaw: network-reachable, low-complexity, no privileges, but requiring user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A developer approves building a trusted opaque dependency such as foo@https://host/pkg.tgz. An attacker who can influence the project's dependency set (e.g. …
Remediation Vendor-released patch: upgrade to pnpm 10.34.2 (for the 10.x line) or 11.5.3 (for the 11.x line), which reject all three normalization-collision forms and enforce byte-exact matching for opaque locators while preserving legitimate registry peer-suffix normalization. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Scan all build systems, development environments, and CI/CD pipelines to identify pnpm installations and document their current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Pnpm

View all
CVE-2025-69264 CRITICAL POC
9.8 Jan 07

Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co

CVE-2023-37478 CRITICAL POC
9.8 Aug 01

pnpm is a package manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentica

CVE-2026-50016 HIGH POC
8.8 Jun 25

Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a trans

CVE-2026-55698 HIGH POC
8.8 Jun 25

Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository

CVE-2026-55697 HIGH POC
8.8 Jun 25

Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen nativ

CVE-2025-69263 HIGH POC
8.8 Jan 07

Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows

CVE-2022-26183 HIGH POC
8.8 Mar 21

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unex

CVE-2026-50021 HIGH POC
8.1 Jun 25

Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac

CVE-2025-69262 HIGH POC
7.8 Jan 07

{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril

CVE-2026-50015 HIGH POC
7.3 Jun 25

Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri

CVE-2026-50014 HIGH POC
7.3 Jun 25

Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m

CVE-2026-55700 HIGH POC
7.1 Jun 25

Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised

Share

CVE-2026-55487 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy