Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-55697
  • Pnpm » Pnpm » Version: 11.0.0
    cpe:2.3:a:pnpm:pnpm:11.0.0
  • Pnpm » Pnpm » Version: 11.0.1
    cpe:2.3:a:pnpm:pnpm:11.0.1
  • Pnpm » Pnpm » Version: 11.0.2
    cpe:2.3:a:pnpm:pnpm:11.0.2
  • Pnpm » Pnpm » Version: 11.0.3
    cpe:2.3:a:pnpm:pnpm:11.0.3
  • Pnpm » Pnpm » Version: 11.0.4
    cpe:2.3:a:pnpm:pnpm:11.0.4
  • Pnpm » Pnpm » Version: 11.0.5
    cpe:2.3:a:pnpm:pnpm:11.0.5
  • Pnpm » Pnpm » Version: 11.0.6
    cpe:2.3:a:pnpm:pnpm:11.0.6
  • Pnpm » Pnpm » Version: 11.0.7
    cpe:2.3:a:pnpm:pnpm:11.0.7
  • Pnpm » Pnpm » Version: 11.0.8
    cpe:2.3:a:pnpm:pnpm:11.0.8
  • Pnpm » Pnpm » Version: 11.0.9
    cpe:2.3:a:pnpm:pnpm:11.0.9
  • Pnpm » Pnpm » Version: 11.1.0
    cpe:2.3:a:pnpm:pnpm:11.1.0
  • Pnpm » Pnpm » Version: 11.1.1
    cpe:2.3:a:pnpm:pnpm:11.1.1
  • Pnpm » Pnpm » Version: 11.1.2
    cpe:2.3:a:pnpm:pnpm:11.1.2
  • Pnpm » Pnpm » Version: 11.1.3
    cpe:2.3:a:pnpm:pnpm:11.1.3
  • Pnpm » Pnpm » Version: 11.2.0
    cpe:2.3:a:pnpm:pnpm:11.2.0
  • Pnpm » Pnpm » Version: 11.2.1
    cpe:2.3:a:pnpm:pnpm:11.2.1
  • Pnpm » Pnpm » Version: 11.2.2
    cpe:2.3:a:pnpm:pnpm:11.2.2
  • Pnpm » Pnpm » Version: 11.3.0
    cpe:2.3:a:pnpm:pnpm:11.3.0
  • Pnpm » Pnpm » Version: 11.4.0
    cpe:2.3:a:pnpm:pnpm:11.4.0
  • Pnpm » Pnpm » Version: 11.5.0
    cpe:2.3:a:pnpm:pnpm:11.5.0
  • Pnpm » Pnpm » Version: 11.5.1
    cpe:2.3:a:pnpm:pnpm:11.5.1
  • Pnpm » Pnpm » Version: 11.5.2
    cpe:2.3:a:pnpm:pnpm:11.5.2


Contact Us

Shodan ® - All rights reserved