Intel

AIKIDO-2026-559320

pnpm is vulnerable to Path Traversal

Path TraversalGHSA-qrv3-253h-g69c Published Jun 23, 2026

82

High Risk

This Affects:

JSpnpm
0.0.1 - 10.34.3
Fixed in 10.34.4
11.0.0 - 11.7.0
Fixed in 11.8.0
Are you affected? Scan for Free

TL;DR

pnpm reads configDependencies names and versions from the committed env lockfile (pnpm-lock.yaml) and the legacy inline-integrity format in pnpm-workspace.yaml, then uses them as path segments when creating install directories such as node_modules/.pnpm-config and the global virtual store. Because these values are used without validation, a malicious repository can commit a traversal-shaped config dependency name or version and cause pnpm install to create symlinks or write package files outside the intended roots, triggered on install even with --ignore-scripts. An attacker who controls a repository's lockfile or workspace manifest can therefore plant or overwrite files at arbitrary locations, which can be chained to code execution. The fix adds an offline structural gate that validates every config dependency and optional-subdependency name as a valid npm package name and version as an exact semver value before any path is built, rejecting invalid entries (including __proto__) before the env lockfile is persisted.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and run pnpm install on a repository whose lockfile or workspace manifest contains attacker-controlled configDependencies entries.

Background info

pnpm is vulnerable to Path Traversal in versions 0.0.1 - 10.34.3 and 11.0.0 - 11.7.0.

How to fix this

Upgrade the @pnpm/exe library to the patch version.