Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Network-delivered malicious package, low complexity, no attacker privileges, but victim must run install (UI:R); symlink replacement is primarily integrity/availability, with only secondary confidentiality (C:L).
Primary rating from Vendor (GitHub_M).
CVSS Vector (Vendor: GitHub_M)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause pnpm install --ignore-scripts to replace paths in the current project with symlinks to attacker-controlled dependency package directories. This vulnerability is fixed in 10.34.0 and 11.4.0.
Analysis (AI)
Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a transitive dependency alias, which pnpm then trusts as a filesystem path while linking dependency nodes. During a normal install - even with pnpm install --ignore-scripts - this allows a published package to replace paths inside the victim's project with symlinks pointing at attacker-controlled dependency directories, corrupting project integrity and enabling downstream code execution. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that the victim run a pnpm install (UI:R) with a vulnerable pnpm version (<10.34.0 or <11.4.0) and that the dependency graph resolve a package whose registry metadata supplies a transitive dependency alias containing path-traversal (`../`) segments - i.e., the attacker must control or compromise a package that lands in the project's transitive dependencies. … |
| Risk Assessment | The provided CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 8.8) reflects a network-delivered, low-complexity attack requiring only that a victim install an affected dependency (UI:R). … |
| Exploit Scenario | An attacker publishes (or compromises) a package whose metadata declares a transitive dependency alias containing `../` path-traversal segments, then gets it into a victim's dependency tree directly or as a transitive dependency. When the victim runs `pnpm install` - even with `--ignore-scripts` - pnpm links that alias to a path outside node_modules, replacing project files or directories with symlinks to attacker-controlled dependency content, which can lead to code execution on next build or run. … |
| Remediation | Vendor-released patch: upgrade pnpm to 10.34.0 (for the 10.x line) or 11.4.0 (for the 11.x line) or later, per advisory GHSA-hwx4-2j3j-g496 (https://github.com/pnpm/pnpm/security/advisories/GHSA-hwx4-2j3j-g496); pin the upgraded version in CI runners, Corepack/`packageManager` fields, and developer environments so older binaries cannot silently run. … |
Recommended Action (AI)
Within 24 hours: Identify all projects using pnpm and document current versions; audit recent package installations for suspicious symlink entries in node_modules. …
Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co
Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository
Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen nativ
Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac
{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril
Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri
Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m
Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised
Path traversal in pnpm's global package management flows allows deletion of the global bin directory or its parent when
{ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry request URLs and cr
pnpm is a package manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticati
Same weakness: CWE-23 – Relative Path Traversal
Same technique: Path Traversal
External POC / Exploit Code
EUVD-2026-39494
GHSA-hwx4-2j3j-g496