pnpm CVE-2026-55697

EUVD: EUVD-2026-39483 · HIGH
OS Command Injection (CWE-78)
2026-06-25 · GitHub_M · GHSA-gj8w-mvpf-x27x
CVSS 3.1 (NVD): 8.8

Severity by source

Vendor (GitHub_M), primary: HIGH (qualitative)
NVD: 8.8 HIGH, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI: 8.8 HIGH

Malicious repo content is network-delivered (AV:N) and trivially triggered (AC:L) with no attacker privileges (PR:N), but requires the victim to run install (UI:R); arbitrary binary execution yields total C/I/A impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events)

Jun 30, 2026 19:13 (vuln.today): Analysis Updated, v3 (cvss_changed)
Jun 30, 2026 19:13 (vuln.today): Source Code Evidence Fetched
Jun 30, 2026 19:13 (vuln.today): Analysis Updated, v2 (cvss_changed)
Jun 30, 2026 19:07 (vuln.today): Re-analysis Queued (cvss_changed)
Jun 30, 2026 19:07 (NVD): CVSS changed, 7.5 (HIGH) → 8.8 (HIGH)
Jun 25, 2026 19:17 (EUVD): Patch available
Jun 25, 2026 18:17 (vuln.today): Analysis Generated

Description (NVD)

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.

Analysis (AI)

Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen native binaries as the developer or CI user during a routine install. The flaw stems from pnpm processing configDependencies in pnpm-workspace.yaml before command dispatch: a repo could declare pacquet/@pnpm/pacquet as a config dependency, causing pnpm to resolve a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config and spawn it. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: publish a malicious repo with a crafted pnpm-workspace.yaml
Delivery: the victim clones it and runs pnpm install
Exploit: pnpm resolves the repo-declared pacquet config dependency
Execution: pnpm spawns the @pacquet/<platform>-<arch>/pacquet binary
Impact: attacker code runs as the developer/CI user

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to run pnpm install (UI:R) on an attacker-controlled repository whose pnpm-workspace.yaml declares pacquet or @pnpm/pacquet as a configDependency, and which supplies a malicious @pacquet/<platform>-<arch>/pacquet native binary matching the victim's platform/arch. …
Risk Assessment: Signals are mixed but lean toward a real, situational priority for developer and CI/CD environments. …
Exploit Scenario: An attacker publishes or contributes to a repository whose pnpm-workspace.yaml declares pacquet (or @pnpm/pacquet) as a config dependency and ships a malicious @pacquet/<platform>-<arch>/pacquet native binary. A developer or CI pipeline clones the repo and runs pnpm install, at which point pnpm resolves and spawns the attacker's binary with the developer/CI user's privileges, achieving code execution. …
Remediation: Vendor-released patch: upgrade pnpm to 10.34.2 (10.x line) or 11.5.3 (11.x line), as documented in GitHub Security Advisory GHSA-gj8w-mvpf-x27x (https://github.com/pnpm/pnpm/security/advisories/GHSA-gj8w-mvpf-x27x); pin the patched version in CI runner images and developer toolchains. …

Recommended Action (AI)

Within 24 hours: Identify all projects using pnpm and document current versions in use. …

More in Pnpm

CVE-2025-69264 · CRITICAL 9.8 · POC · Jan 07: Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co…
CVE-2026-50016 · HIGH 8.8 · POC · Jun 25: Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a trans…
CVE-2026-55698 · HIGH 8.8 · POC · Jun 25: Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository…
CVE-2025-69263 · HIGH 8.8 · POC · Jan 07: Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows…
CVE-2026-50021 · HIGH 8.1 · POC · Jun 25: Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac…
CVE-2025-69262 · HIGH 7.8 · POC · Jan 07: …{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril…
CVE-2026-50015 · HIGH 7.3 · POC · Jun 25: Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri…
CVE-2026-50014 · HIGH 7.3 · POC · Jun 25: Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m…
CVE-2026-55700 · HIGH 7.1 · POC · Jun 25: Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised…
CVE-2026-55699 · MEDIUM 6.5 · POC · Jun 25: Path traversal in pnpm's global package management flows allows deletion of the global bin directory or its parent when…
CVE-2026-55180 · MEDIUM 6.5 · POC · Jun 25: …{ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry request URLs and cr…
CVE-2024-47829 · MEDIUM 6.5 · POC · Apr 23: pnpm is a package manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticati…

CVE-2026-55697 vulnerability details – vuln.today