Impact
This vulnerability exists in pnpm before 10.34.2 and before 11.5.3. pnpm installs the configDependencies declared in pnpm-workspace.yaml before it dispatches the requested command, and a repository that declares a package named pacquet or @pnpm/pacquet as a configDependency is treated as an opt-in to an alternative install engine. During an install, pnpm resolves a platform-specific binary from node_modules/.pnpm-config/<packageName> and executes it with the privileges of the developer or CI user who ran the command. Because the repository, not the user, controls which package is declared, that binary can be attacker-supplied; the weakness is classified as CWE-494 (Download of Code Without Integrity Check), CWE-78 (OS Command Injection) and CWE-829 (Inclusion of Functionality from Untrusted Control Sphere). The result is local code execution: anyone who runs pnpm install in a checkout whose pnpm-workspace.yaml declares such a configDependency executes arbitrary code with their own privileges, which can compromise the developer workstation or the CI runner.
Affected Systems
The affected product is pnpm: releases earlier than 10.34.2, and 11.x releases earlier than 11.5.3. Any project whose pnpm-workspace.yaml carries a configDependencies section is exposed, because the packages listed there are chosen by whoever controls the repository rather than by the person running the install. Developers who clone and install untrusted repositories, and CI systems that do so automatically (for example when building pull requests from forks), are the population at risk.
Risk and Exploitability
The CVSS base score of 7.5 rates the issue High. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local in CVSS terms: the attacker cannot reach the target over the network and must instead get a repository carrying the malicious configDependency in front of a victim who then runs pnpm install. That is a low bar wherever developers or CI systems install dependencies from untrusted repositories, so the practical risk in such environments is moderate to high, and prompt remediation (upgrading to 10.34.2 or 11.5.3 or later) is warranted.
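A pre-install guard that a developer or CI job can run before pnpm install, written for this page as an added example; it is not pnpm's own tooling and does not come from the advisory. It checks the installed pnpm version against the fixed releases named above and refuses to proceed when pnpm-workspace.yaml declares pacquet or @pnpm/pacquet under configDependencies. Assumptions: the file uses the block-mapping form that pnpm documents for configDependencies (package name as the key, version plus sha512 integrity string as the value); an inline mapping such as configDependencies: {} is read as declaring nothing; the script is saved as pnpm-guard.sh so that its entry point runs only when it is executed directly. The sample workspace file used to exercise it is constructed.

```shell
#!/bin/sh
# pnpm-guard.sh: refuse to run pnpm install in a checkout that could trigger the
# configDependencies install-engine issue described above.
# Added example for this page, not pnpm's own tooling. Assumptions:
#   - pnpm-workspace.yaml declares configDependencies as a block mapping,
#       configDependencies:
#         '@scope/name': '1.2.3+sha512-...'
#     (package name as key, version plus integrity as value, as pnpm documents);
#     an inline mapping such as "configDependencies: {}" is read as empty.
#   - pacquet and @pnpm/pacquet are the names treated as an install-engine opt-in.
set -eu

# Returns 0 when VERSION is a fixed pnpm release: >= 10.34.2 on the 10.x line,
# >= 11.5.3 on the 11.x line, or any later major. Everything else (including
# an unparsable or unknown version) is treated as vulnerable: the guard fails closed.
pnpm_version_is_fixed() {
  case "$1" in [0-9]*.[0-9]*) ;; *) return 1 ;; esac
  IFS=. read -r major minor patch <<EOF
$1
EOF
  minor=${minor%%[!0-9]*}; minor=${minor:-0}
  patch=${patch%%[!0-9]*}; patch=${patch:-0}   # drop a suffix such as 2-beta.1
  case "$major" in
    10) [ "$minor" -gt 34 ] || { [ "$minor" -eq 34 ] && [ "$patch" -ge 2 ]; } ;;
    11) [ "$minor" -gt 5 ]  || { [ "$minor" -eq 5 ]  && [ "$patch" -ge 3 ]; } ;;
    *)  [ "$major" -ge 12 ] ;;
  esac
}

# Prints the package names declared under configDependencies in the given
# workspace file, one per line; prints nothing when the section is absent.
list_config_dependencies() {
  awk '
    /^configDependencies:[[:space:]]*$/      { inblock = 1; next }
    inblock && /^[^[:space:]#]/              { inblock = 0 }   # back at top level
    inblock && /^[[:space:]]+[^[:space:]#]/ {
      key = $0
      sub(/^[[:space:]]+/, "", key)
      sub(/:.*$/, "", key)                                  # keep only the mapping key
      sub(/^["'\'']/, "", key); sub(/["'\'']$/, "", key)    # unquote it
      print key
    }
  ' "$1"
}

# Returns 0 (and names the offender on stderr) when the workspace file declares
# a configDependency that pnpm would treat as an install-engine opt-in.
has_install_engine_opt_in() {
  found=1
  for name in $(list_config_dependencies "$1"); do
    case "$name" in
      pacquet|@pnpm/pacquet)
        printf 'refusing: %s declares configDependency %s\n' "$1" "$name" >&2
        found=0 ;;
    esac
  done
  return "$found"
}

# Entry point: version check first, then the workspace scan; a non-zero exit
# means "do not run pnpm install here".
main() {
  file=${1:-pnpm-workspace.yaml}
  status=0
  ver=$(pnpm --version 2>/dev/null || echo unknown)
  if pnpm_version_is_fixed "$ver"; then
    printf 'pnpm %s: fixed release\n' "$ver"
  else
    printf 'pnpm %s: vulnerable or not installed; upgrade to 10.34.2 / 11.5.3 or later\n' "$ver" >&2
    status=1
  fi
  if [ -f "$file" ] && has_install_engine_opt_in "$file"; then
    status=1
  fi
  return "$status"
}

# Run main only when executed as pnpm-guard.sh, so the functions above can also
# be sourced into another script without side effects.
case "${0##*/}" in pnpm-guard.sh) main "$@" ;; esac
```

Run it from the repository root (sh pnpm-guard.sh, optionally followed by a path to the workspace file); a non-zero exit blocks the pipeline. The name check is a denylist for the two names the advisory cites and is only a secondary control; the version check is what actually closes the issue, since a fixed pnpm no longer treats the declaration as an engine opt-in.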
OpenCVE Enrichment