VYPR
Important severity7.1OSV Advisory· Published Jul 6, 2026

pnpm: pnpm: patch-remove could delete project-selected files outside the patches directory

CVE-2026-59194

Description

pnpm: pnpm: patch-remove could delete project-selected files outside the patches directory

Affected products

2
  • Pnpm/PnpmOSV2 versions
    v11.6.0, v10.34.3, v10.34.2, …+ 1 more
    • (no CPE)range: v11.6.0, v10.34.3, v10.34.2, …
    • (no CPE)

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.