pnpm CVE-2026-55698

EUVD: EUVD-2026-39484 · Severity: HIGH
Weakness: Insufficient Verification of Data Authenticity (CWE-345)
2026-06-25 · GitHub_M · GHSA-w466-c33r-3gjp
CVSS 3.1 base score: 8.8 (Vendor: GitHub_M)

Severity by source

Vendor (GitHub_M), primary: 8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vuln.today AI: 8.8 HIGH

The malicious repository is network-delivered and requires no authentication (AV:N/PR:N), but the victim must run pnpm (UI:R); the resulting arbitrary code execution yields full C:H/I:H/A:H with unchanged scope.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS Vector (Vendor: GitHub_M)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (2 events)

Patch available: Jun 25, 2026 - 19:17 (EUVD)
Analysis generated: Jun 25, 2026 - 18:17 (vuln.today)

Description (source: CVE.org)

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching. This vulnerability is fixed in 10.34.2 and 11.5.3.

Analysis (AI-generated)

Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository hijack pnpm's automatic version-switching mechanism. By committing crafted package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml - including matching pnpm and @pnpm/exe versions plus package records and snapshots - an attacker bypasses fresh package-manager resolution and causes pnpm to install and execute attacker-selected bytes when a developer runs pnpm in the cloned repo. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Publish repo with poisoned pnpm-lock.yaml
Delivery: Victim clones and runs pnpm
Exploit: Auto version-switch trusts committed metadata
Execution: Bypass fresh package-manager resolution
Persist: Install attacker-selected bytes
Impact: Execute arbitrary code on developer host

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires that the victim run pnpm directly inside an attacker-controlled repository whose committed pnpm-lock.yaml has been crafted to persist package-manager bootstrap metadata (packageManagerDependencies) in its first YAML document, with the committed env lockfile containing matching pnpm and @pnpm/exe versions, so that automatic package-manager version switching is triggered and fresh resolution is bypassed. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8) indicates a low-complexity, unauthenticated, network-reachable attack whose only significant constraint is required user interaction (UI:R): a developer must run pnpm inside the malicious repository. …

Exploit Scenario: An attacker publishes a tempting open-source repository (or submits a pull request) whose committed pnpm-lock.yaml carries crafted package-manager bootstrap metadata with matching pnpm and @pnpm/exe versions and attacker-chosen package records/snapshots. A developer clones the repo and runs a normal pnpm command, triggering automatic version switching; pnpm trusts the committed lockfile state, skips fresh resolution, and installs and executes the attacker-selected bytes on the developer's machine. …

Remediation: Vendor-released patch: upgrade pnpm to 10.34.2 (10.x line) or 11.5.3 (11.x line) as the primary and complete fix, per GitHub Security Advisory GHSA-w466-c33r-3gjp (https://github.com/pnpm/pnpm/security/advisories/GHSA-w466-c33r-3gjp). …
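The description and the remediation above give a defender two concrete signals: whether an installed pnpm is below the fixed version on its line, and whether a checked-out repository commits packageManagerDependencies in the first YAML document of pnpm-lock.yaml. The following triage script is an added example written for this page; it is not code from vuln.today, pnpm, or the advisory. Only the key name packageManagerDependencies and the fixed versions 10.34.2 and 11.5.3 come from the page; the child keys in the constructed sample lockfiles, the multi-document layout with a `---` separator, and the treatment of major lines other than 10.x and 11.x as "unknown" are assumptions made for illustration.

```python
import re
from typing import List, Optional, Tuple

# Fixed versions named on the advisory page: 10.34.2 for the 10.x line and
# 11.5.3 for the 11.x line. Other major lines are not covered by the advisory,
# so the checker reports "unknown" for them rather than guessing (assumption).
FIXED_VERSIONS = {10: (10, 34, 2), 11: (11, 5, 3)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
_TOP_LEVEL_KEY_RE = re.compile(r"^([A-Za-z_][\w.-]*):")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'v10.34.1' or '10.34.1-rc.0' into a comparable (major, minor, patch).
    Pre-release suffixes are ignored (assumption: plain semver-style strings)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised pnpm version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True when below the fix on a covered line, False when at or above the fix,
    None when the major line is outside the advisory's stated range."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    return parsed < fixed


def first_yaml_document(text: str) -> str:
    """Return the first YAML document of a possibly multi-document file.
    A '---' line before any content merely opens the first document; the next
    '---' after content closes it."""
    doc: List[str] = []
    seen_content = False
    for line in text.splitlines():
        if line.rstrip() == "---":
            if seen_content:
                break
            continue
        if line.strip() and not line.lstrip().startswith("#"):
            seen_content = True
        doc.append(line)
    return "\n".join(doc)


def top_level_keys(document: str) -> List[str]:
    """Unindented 'key:' lines of a YAML document (no YAML library required)."""
    return [m.group(1) for m in map(_TOP_LEVEL_KEY_RE.match, document.splitlines()) if m]


def has_committed_bootstrap_metadata(lockfile_text: str) -> bool:
    """Flag a lockfile whose FIRST YAML document carries a top-level
    packageManagerDependencies entry, the committed state that pre-patch pnpm
    trusted instead of resolving the package manager afresh."""
    return "packageManagerDependencies" in top_level_keys(first_yaml_document(lockfile_text))


def triage(pnpm_version: str, lockfile_text: str) -> str:
    """Combine both signals into a verdict for one repository checkout."""
    affected = is_affected(pnpm_version)
    metadata = has_committed_bootstrap_metadata(lockfile_text)
    if affected is None:
        return "unknown-line"
    if affected and metadata:
        return "upgrade-and-review"   # do not run pnpm in this checkout before upgrading
    if affected:
        return "upgrade"
    if metadata:
        return "review-lockfile"      # patched pnpm, but the committed metadata still deserves a look
    return "ok"


# Constructed sample lockfiles (not real pnpm output). Only the key name
# packageManagerDependencies comes from the advisory; its children are invented.
CLEAN_LOCKFILE = "lockfileVersion: '9.0'\nimporters:\n  .:\n    dependencies: {}\n"

SUSPECT_LOCKFILE = (
    "---\n"
    "packageManagerDependencies:\n"
    "  pnpm: 10.30.0\n"
    "  '@pnpm/exe': 10.30.0\n"
    "---\n"
    "lockfileVersion: '9.0'\nimporters:\n  .:\n    dependencies: {}\n"
)

# Metadata that appears only in a later document is outside the state the advisory describes.
SECOND_DOC_LOCKFILE = "lockfileVersion: '9.0'\n---\npackageManagerDependencies:\n  pnpm: 10.30.0\n"

if __name__ == "__main__":
    for label, lock in (("clean", CLEAN_LOCKFILE), ("suspect", SUSPECT_LOCKFILE)):
        for v in ("10.34.1", "10.34.2", "11.5.2", "11.5.3", "9.15.0"):
            print(f"{label:8s} pnpm {v:8s} -> {triage(v, lock)}")
```

Run the script against the output of `pnpm --version` and the lockfile of a freshly cloned repository before invoking any other pnpm command there; the "upgrade-and-review" verdict is the combination the advisory describes, where a vulnerable pnpm would trust the committed metadata during automatic version switching.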

Recommended Action (AI-generated)

Within 24 hours: Inventory all pnpm deployments in development and CI/CD environments; disable or restrict repository cloning from untrusted external sources; notify development teams of the vulnerability. …


More in Pnpm

CVE-2025-69264 CRITICAL POC
9.8 Jan 07

Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co

CVE-2026-50016 HIGH POC
8.8 Jun 25

Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a trans

CVE-2026-55697 HIGH POC
8.8 Jun 25

Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen nativ

CVE-2025-69263 HIGH POC
8.8 Jan 07

Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows

CVE-2026-50021 HIGH POC
8.1 Jun 25

Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac

CVE-2025-69262 HIGH POC
7.8 Jan 07

{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril

CVE-2026-50015 HIGH POC
7.3 Jun 25

Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri

CVE-2026-50014 HIGH POC
7.3 Jun 25

Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m

CVE-2026-55700 HIGH POC
7.1 Jun 25

Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised

CVE-2026-55699 MEDIUM POC
6.5 Jun 25

Path traversal in pnpm's global package management flows allows deletion of the global bin directory or its parent when

CVE-2026-55180 MEDIUM POC
6.5 Jun 25

{ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry request URLs and cr

CVE-2024-47829 MEDIUM POC
6.5 Apr 23

pnpm is a package manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticati
