Description
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.
Published: 2026-06-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises when pnpm, prior to versions 10.34.2 and 11.5.3, installs configDependencies declared in pnpm‑workspace.yaml before command dispatch. A repository that declares a package such as pacquet or @pnpm/pacquet as a configDependency is treated as an install‑engine opt‑in. During an install, pnpm resolves a platform‑specific binary from node_modules/.pnpm‑config/<packageName> and executes it with the permissions of the developer or CI user. Based on the description, it is inferred that the flaw, typified by CWE‑494, CWE‑78, CWE‑829, and CWE‑349, might allow a malicious binary to be executed, leading to local code execution. The impact is that any user who runs pnpm install in a workspace that contains a malicious repository can execute arbitrary code with their own privileges, potentially compromising the local system.

Affected Systems

The affected product is pnpm, versions earlier than 10.34.2 and earlier than 11.5.3. Any project using pnpm‑workspace.yaml with repository‑controlled configDependencies to external packages is vulnerable. Developers and CI systems that automatically install dependencies from untrusted repositories are at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity and the EPSS score of < 1% shows a low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is inferred to be local: the attacker must supply a repository that declares the malicious configDependency. In environments where developers or CI systems automatically install dependencies from untrusted repositories, the risk is moderate to high, warranting prompt remediation.

Generated by OpenCVE AI on July 17, 2026 at 02:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pnpm to version 10.34.2 or newer, or 11.5.3 or newer.
  • If upgrade is not immediately possible, edit pnpm‑workspace.yaml to remove or replace any repository‑controlled configDependencies that point to external packages.
  • After reinstalling dependencies, delete any node_modules/.pnpm‑config directory or verify its contents to ensure no unexpected binaries are present.

Generated by OpenCVE AI on July 17, 2026 at 02:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-gj8w-mvpf-x27x pnpm: Repository-controlled configDependencies can select a pacquet native install engine
History

Tue, 07 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-349
References
Metrics threat_severity

None

threat_severity

Important


Mon, 29 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Pnpm
Pnpm pnpm
Vendors & Products Pnpm
Pnpm pnpm

Thu, 25 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.
Title pnpm: Repository-controlled configDependencies can select a pacquet native install engine
Weaknesses CWE-494
CWE-78
CWE-829
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-29T15:34:10.905Z

Reserved: 2026-06-17T00:13:10.650Z

Link: CVE-2026-55697

cve-icon Vulnrichment

Updated: 2026-06-29T15:33:55.184Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-25T16:42:08Z

Links: CVE-2026-55697 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-17T02:45:08Z

Weaknesses
  • CWE-349

    Acceptance of Extraneous Untrusted Data With Trusted Data

  • CWE-494

    Download of Code Without Integrity Check

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

  • CWE-829

    Inclusion of Functionality from Untrusted Control Sphere