CVE-2026-48995

Summary

pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.

Affected Software

VendorProductVersion RangeStatus
pnpmpnpm< 10.33.4affected
pnpmpnpm>= 11.0.0, < 11.0.7affected

Weaknesses

  • CWE-353: CWE-353: Missing Support for Integrity Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References