Description
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.
Published: 2026-06-25
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises because pnpm's lockfile records no integrity hash for tarball dependencies fetched from codeload.github.com, the endpoint pnpm uses for GitHub-hosted git dependencies. If that server is compromised, or the installing machine's configuration (for example its DNS or proxy settings) has been tampered with, pnpm downloads and installs whatever archive it is served, because the lockfile holds nothing to compare it against. A substituted package can run arbitrary code in any application that loads it, and during installation as well if the project allows lifecycle scripts for that dependency. The weakness is classified as CWE-353, Missing Support for Integrity Check, which is exactly the gap that makes the tampering undetectable.

Affected Systems

pnpm package manager, versions earlier than 10.33.4 on the 10.x line and earlier than 11.0.7 on the 11.x line. These releases do not record a tarball hash for GitHub git dependencies in the lockfile and therefore cannot verify the archive they download.

Risk and Exploitability

The CVSS score of 4.8 indicates medium severity. The recorded CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U) explains why: the attack is network-based but high complexity, because the attacker must already control codeload.github.com or the installing machine's configuration to serve a substituted tarball; it needs active user interaction, since someone has to run an install that resolves a GitHub git dependency; and once that happens the impact on confidentiality, integrity and availability is high, because the substituted package runs with the installing user's privileges. No EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, consistent with the E:U (exploit maturity unreported) component of the vector. A committed lockfile offers no protection here: pnpm installs whatever archive it is served regardless of the lockfile, so any project that already depends on GitHub-hosted packages is exposed every time it installs with an unpatched pnpm. The overall risk is moderate, but the fix is a version bump and should be applied promptly.

Generated by OpenCVE AI on June 25, 2026 at 18:22 UTC.

Remediation

The vendor fix is the upgrade to pnpm 10.33.4 or 11.0.7 described above; no workaround for unpatched versions is documented.

OpenCVE Recommended Actions

  • Upgrade pnpm to 10.33.4 or newer on the 10.x line, or 11.0.7 or newer on the 11.x line; these releases store the tarball hash of GitHub git dependencies in the lockfile so it can be verified on install.
  • Re-install with the upgraded pnpm so the lockfile is rewritten with those hashes, and review the resulting lockfile diff before committing it; any GitHub tarball dependency still lacking an integrity value after this step deserves a closer look.
  • Treat dependencies resolved from codeload.github.com (github:owner/repo and git URL specifiers) as higher risk than registry packages: audit lockfiles for resolution entries that carry a tarball URL but no integrity value, and prefer a published registry version where one exists. Network controls on codeload.github.com only defend against on-path substitution, not against a compromise of the server itself.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:30:00 +0000

Type: Description
Values Added: pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.

Type: Title
Values Added: pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile

Type: Weaknesses
Values Added: CWE-353

Type: References
Values Added: (none recorded)

Type: Metrics
Values Added: cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T16:58:57.536Z

Reserved: 2026-05-26T23:26:07.976Z

Link: CVE-2026-48995

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T18:30:14Z

Weaknesses
  • CWE-353: Missing Support for Integrity Check