Description
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as --upload-pack=<command>. For SSH and local transports, --upload-pack can execute the supplied command. HTTPS transports ignore --upload-pack, so the practical attack surface is primarily SSH or local git dependencies. This vulnerability is fixed in 10.34.0 and 11.4.0.
Published: 2026-06-25
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from pnpm passing the lockfile-controlled git resolution.commit value directly into the git fetch argument list, with no -- separator and no check that the value is a 40-character commit hash. git parses that argument list itself, so a lockfile that replaces the hash with a git option such as --upload-pack=<command> makes git treat the value as an option rather than a ref (argument injection, CWE-88); spawning git without a shell does not prevent this, because the injection targets git's own option parser rather than shell quoting. For git dependencies retrieved through the shallow-fetch path, --upload-pack names the program git runs to serve the fetch: for a local repository path that program runs on the host performing the install, with the privileges of the user or CI job invoking pnpm, and for SSH it is the command git asks the remote end to run. HTTPS transports ignore --upload-pack, so the practical attack surface is limited to SSH and local git dependencies.
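An added example, not pnpm's own code, of how the unvalidated commit value turns into a git option and of the two controls the description implies (commit-format validation and a -- separator). The field names resolution.repo and resolution.commit, the argv shape and the function names are assumptions made for illustration; both resolutions are constructed.

```javascript
// Added example (not pnpm's own code): a lockfile-controlled commit value
// placed in git's argv unvalidated becomes a git option. Field and function
// names are assumptions for illustration; the resolutions are constructed.

// Constructed lockfile resolutions: one benign, one carrying an injected option.
const benignResolution = {
  type: 'git',
  repo: 'git+ssh://git@example.com/org/lib.git',
  commit: '0123456789abcdef0123456789abcdef01234567',
};
const maliciousResolution = {
  type: 'git',
  repo: 'git+ssh://git@example.com/org/lib.git',
  commit: '--upload-pack=touch /tmp/pwned',
};

// Vulnerable shape: the commit value is appended straight after the repo.
// This argv would go to execFile('git', argv): no shell is involved, so
// shell quoting does not help. git's own option parser sees the leading '-'
// and treats the value as an option (CWE-88).
function buildShallowFetchArgvVulnerable(resolution) {
  return ['fetch', '--depth', '1', resolution.repo, resolution.commit];
}

// Helper to inspect an argv vector: does any argument meant to be positional
// (from index positionalStart on) start with '-' before a '--' separator?
function hasInjectedOption(argv, positionalStart) {
  let separatorSeen = false;
  for (let i = positionalStart; i < argv.length; i++) {
    if (argv[i] === '--') { separatorSeen = true; continue; }
    if (!separatorSeen && argv[i].startsWith('-')) return true;
  }
  return false;
}

// Control 1: the value must be a full 40-hex git object id, nothing else.
const FULL_SHA = /^[0-9a-f]{40}$/i;
function isFullCommitSha(value) {
  return typeof value === 'string' && FULL_SHA.test(value);
}

// Control 2: a '--' separator so git stops option parsing before the
// positional arguments even if validation is ever bypassed.
function buildShallowFetchArgvHardened(resolution) {
  if (!isFullCommitSha(resolution.commit)) {
    throw new Error(
      `refusing to fetch: lockfile commit is not a 40-hex object id: ${JSON.stringify(resolution.commit)}`
    );
  }
  return ['fetch', '--depth', '1', '--', resolution.repo, resolution.commit];
}

// Stand-alone demonstration of both shapes.
console.log('vulnerable argv:', buildShallowFetchArgvVulnerable(maliciousResolution));
console.log('hardened argv:', buildShallowFetchArgvHardened(benignResolution));
```

Validation is the primary control here; the separator is defence in depth, since a value that passes the 40-hex check can never start with a hyphen anyway.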

Affected Systems

pnpm package managers released before 10.34.0 and before 11.4.0 are affected. Only the pnpm product is listed as impacted by the CNA.

Risk and Exploitability

The CVSS v3.1 base score of 6.4 (vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N) reflects high confidentiality and integrity impact offset by high attack complexity, low required privileges and required user interaction: someone has to accept a crafted pnpm-lock.yaml and run the install. No EPSS score is published, so the likelihood of exploitation is unknown, and the CVE is not listed in CISA's KEV catalog. An attacker must get a crafted lockfile processed by a pnpm install, for example through a lockfile change accepted from an untrusted contributor or from a compromised repository. If that lockfile references a git dependency over SSH or a local path, the injected --upload-pack command runs with the privileges of the user or CI job performing the install, not with elevated privileges.

Generated by OpenCVE AI on June 25, 2026 at 18:25 UTC.

Remediation

The CNA record carries no separate vendor fix or workaround entry; the fixed versions named in the description are 10.34.0 and 11.4.0.

OpenCVE Recommended Actions

  • Upgrade pnpm to 10.34.0 or later on the 10.x line, or 11.4.0 or later on the 11.x line; these releases no longer pass the lockfile's resolution.commit value to git fetch unchecked.
  • Prefer HTTPS URLs for git dependencies, since --upload-pack is ignored over HTTPS; treat SSH and local-path git dependencies in a lockfile from an untrusted source as high risk until pnpm is upgraded.
  • Review lockfile changes before installing them. pnpm audit reports known-vulnerable dependencies but does not inspect resolution fields, so check that the commit value of every git resolution in pnpm-lock.yaml is exactly 40 hexadecimal characters and that no value begins with a hyphen.
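As an added example of the lockfile check in the last item (not OpenCVE's or pnpm's code), the script below scans pnpm-lock.yaml text for git resolutions whose commit field is not a 40-hex object id and reports the transport of each offending repo, since SSH and local repositories are where --upload-pack matters. It assumes pnpm writes each git resolution as a single flow-mapping line of the form resolution: {commit: ..., repo: ..., type: git}; the lockfile text is constructed for the example, and a real YAML parser should replace the regex in production use.

```javascript
// Added example (not OpenCVE's or pnpm's code): pre-install scan of a
// pnpm-lock.yaml for git resolutions whose commit value is not a full
// 40-hex object id. Assumes each git resolution is written as one flow
// mapping line: resolution: {commit: ..., repo: ..., type: git}.
// SAMPLE_LOCKFILE is constructed for this example.

const SAMPLE_LOCKFILE = `lockfileVersion: '9.0'

packages:

  left-pad@1.3.0:
    resolution: {integrity: sha512-AAAA}

  lib@git+ssh://git@example.com/org/lib.git#0123456789abcdef0123456789abcdef01234567:
    resolution: {commit: 0123456789abcdef0123456789abcdef01234567, repo: git+ssh://git@example.com/org/lib.git, type: git}

  tool@git+ssh://git@example.com/org/tool.git#deadbeef:
    resolution: {commit: '--upload-pack=touch /tmp/pwned', repo: git+ssh://git@example.com/org/tool.git, type: git}

  web@https://github.com/org/web.git#abc:
    resolution: {commit: --upload-pack=id, repo: https://github.com/org/web.git, type: git}
`;

const FULL_SHA = /^[0-9a-f]{40}$/i;
const RESOLUTION_LINE = /^\s*resolution:\s*\{([^}]*)\}\s*$/;

// Parse `key: value, key: value` pairs; quoted values may contain commas.
function parseFlowMapping(body) {
  const out = {};
  const pair = /([A-Za-z_]+):\s*('[^']*'|"[^"]*"|[^,]*)/g;
  let m;
  while ((m = pair.exec(body)) !== null) {
    out[m[1]] = m[2].trim().replace(/^['"]|['"]$/g, '');
  }
  return out;
}

// Classify the transport: --upload-pack is ignored over HTTPS but honoured
// for SSH and local repositories.
function transportOf(repo) {
  if (/^(git\+)?https?:\/\//i.test(repo)) return 'https';
  if (/^(git\+)?ssh:\/\//i.test(repo) || /^[^/:]+@[^:]+:/.test(repo)) return 'ssh';
  if (/^(git\+)?file:\/\//i.test(repo) || /^[./]/.test(repo)) return 'local';
  return 'other';
}

// One finding per git resolution whose commit is not a 40-hex object id.
function scanLockfile(text) {
  const findings = [];
  text.split('\n').forEach((line, index) => {
    const m = RESOLUTION_LINE.exec(line);
    if (!m) return;
    const res = parseFlowMapping(m[1]);
    if (res.type !== 'git') return;
    const commit = res.commit || '';
    if (FULL_SHA.test(commit)) return;
    findings.push({
      line: index + 1,
      repo: res.repo || '',
      commit,
      transport: transportOf(res.repo || ''),
      startsWithDash: commit.startsWith('-'),
    });
  });
  return findings;
}

// Stand-alone run over the constructed lockfile.
const found = scanLockfile(SAMPLE_LOCKFILE);
for (const f of found) {
  console.log(`line ${f.line}: ${f.transport} repo ${f.repo} has commit ${JSON.stringify(f.commit)}`);
}
console.log(`${found.length} suspicious git resolution(s)`);
```

In a CI gate the script would exit non-zero when the findings list is non-empty; the HTTPS finding is still worth failing on, because a lockfile carrying a bare option in a commit field is tampered with whatever the transport.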

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 17:30:00 +0000

Type / Values Removed / Values Added (initial record, nothing removed)
  • Description (added): pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as --upload-pack=<command>. For SSH and local transports, --upload-pack can execute the supplied command. HTTPS transports ignore --upload-pack, so the practical attack surface is primarily SSH or local git dependencies. This vulnerability is fixed in 10.34.0 and 11.4.0.
  • Title (added): pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
  • Weaknesses (added): CWE-88
  • References (added): none
  • Metrics (added): cvssV3_1, score 6.4, vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Updated: 2026-06-25T18:13:06.802Z

Reserved: 2026-06-02T22:46:02.579Z

Link: CVE-2026-50014

Vulnrichment

No data.

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T18:30:14Z

Weaknesses
  • CWE-88

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')