Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Malicious config is delivered remotely (AV:N) but requires the victim to run patch-remove (UI:R) with no auth (PR:N); arbitrary file deletion gives I:H with partial A:L and no confidentiality (C:N).
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0.
AnalysisAI
Arbitrary file deletion in pnpm before 10.34.4 and 11.7.0 allows a malicious project to delete any file reachable by the user when they run 'pnpm patch-remove'. A crafted patch entry escapes the configured patches directory via path traversal (CWE-22), so cloning or installing an attacker-controlled repository and running the patch-remove command destroys files outside the project. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the victim to open/consume an attacker-controlled project whose pnpm patch configuration contains a crafted patch entry with a path-traversal path escaping the configured patches directory, and (2) the victim to actively run 'pnpm patch-remove' on a vulnerable version (pnpm < 10.34.4 or < 11.7.0). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a moderate, interaction-gated risk rather than a mass-exploitation threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a repository or package whose pnpm patch configuration includes a crafted patch entry with a traversal path pointing outside the patches directory. A developer clones or installs the project and runs 'pnpm patch-remove' as part of dependency maintenance, at which point pnpm resolves the path outside the intended directory and deletes an arbitrary reachable file such as a source, config, or credential file. … |
| Remediation | Vendor-released patch: upgrade pnpm to 10.34.4 (for the 10.x line) or 11.7.0 (for the 11.x line) as documented in the advisory at https://github.com/pnpm/pnpm/security/advisories/GHSA-72r4-9c5j-mj57; pin the patched version in CI images and developer toolchains. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Alert development teams to avoid running 'pnpm patch-remove' against external or untrusted repositories; audit recent usage of this command for suspicious activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Arbitrary code execution in the pnpm package manager (versions 10.0.0 through 10.25) lets a git-hosted dependency run co
pnpm is a package manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentica
Path traversal in pnpm before 10.34.0 and 11.4.0 lets a malicious registry package smuggle '../' segments inside a trans
Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository
Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen nativ
Supply-chain integrity bypass in pnpm package manager (versions ≤10.26.2, per description; GHSA states <10.26.0) allows
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unex
Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered pac
{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primaril
Arbitrary file write and deletion in pnpm package manager (versions prior to 10.34.0 and 11.4.0) lets a malicious contri
Arbitrary command execution in pnpm before 10.34.0 and 11.4.0 allows a malicious lockfile to run code on a developer's m
Path traversal in pnpm's `pnpm stage download` command (versions 11.3.0 through 11.5.2) lets a malicious or compromised
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41881