Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AC:H because the attacker must first control registry content for an already-pinned version; UI:R as a victim must run a non-frozen install; C:H/I:H from installing attacker-chosen code, A:N as availability is not the impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
8DescriptionNVD
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the registry later serves different metadata and tarball content for the same package name and version, pnpm initially reports an integrity mismatch. However, plain pnpm install then performs a resolution repair, accepts the registry's new integrity, updates the lockfile, installs the new content, and exits successfully. This means the lockfile integrity check does not act as a hard stop by default. This vulnerability is fixed in 10.34.0 and 11.4.0.
AnalysisAI
Lockfile integrity bypass in the pnpm package manager (versions below 10.34.0, and 11.0.0 through 11.4.0) lets a malicious or compromised registry override a package version's previously recorded hash. On a plain pnpm install in non-frozen mode, pnpm detects the tarball-vs-lockfile integrity mismatch, warns, then silently performs a 'resolution repair' that accepts the registry's new integrity, rewrites pnpm-lock.yaml, and installs the substituted content while exiting 0. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires three concrete conditions: (1) the install is run in NON-FROZEN mode - i.e., plain `pnpm install` WITHOUT --frozen-lockfile, so pnpm's resolution-repair path is allowed to run; (2) the attacker controls the content the registry returns for an already-locked (package name + version) pair - a compromised/hijacked registry, a malicious mirror, or MITM of a non-HTTPS registry - serving a tarball whose hash differs from the one in pnpm-lock.yaml; (3) the victim runs the install on a clean store/cache so the altered tarball is actually fetched. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and should be read together rather than off the headline CVSS 8.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has compromised an internal mirror, a self-hosted registry, or an HTTP registry path replaces the tarball and metadata for an already-pinned dependency (e.g., example-package@1.0.0) with malicious content carrying a new hash. A developer or CI job runs a normal `pnpm install` (non-frozen) on a clean store; pnpm flags the integrity mismatch but then 'repairs' the lockfile, installs the malicious v2 content, rewrites pnpm-lock.yaml to trust it, and exits 0. … |
| Remediation | Vendor-released patch: upgrade to pnpm 10.34.0 (for the 10.x/older line) or pnpm 11.4.0 (for the 11.x line), per advisory GHSA-54hh-g5mx-jqcp (https://github.com/pnpm/pnpm/security/advisories/GHSA-54hh-g5mx-jqcp). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all development and CI/CD environments to identify deployed pnpm versions (< 10.34.0 or 11.0.0-11.4.0). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co
pnpm is a package manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentica
Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a trans
Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository
Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen nativ
Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unex
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac
{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril
Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri
Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m
Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39489
GHSA-54hh-g5mx-jqcp