VYPR
Important severity8.2OSV Advisory· Published Jul 6, 2026

pnpm: pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

CVE-2026-59195

Description

pnpm: pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

Affected products

2
  • Pnpm/PnpmOSV2 versions
    v11.7.0, v11.6.0, v10.34.3, …+ 1 more
    • (no CPE)range: v11.7.0, v11.6.0, v10.34.3, …
    • (no CPE)

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.