Skip to content
Security & Trust

pnpm Discloses 8 CVEs in One Day. Your Lockfile Is the Exploit.

Path traversal, manifest spoofing, hoisted alias escapes, arbitrary deletion — 8 distinct vulnerabilities in the package manager that Next.js, Nuxt, and Astro depend on. The supply chain attack surface just moved from packages to package managers.

· 6 min read
Share on X LinkedIn
pnpm Discloses 8 CVEs in One Day. Your Lockfile Is the Exploit.

Eight Vulnerabilities, One Package Manager

pnpm — the package manager powering Next.js, Nuxt, Astro, and a growing share of the modern JavaScript ecosystem — disclosed at least 8 distinct security vulnerabilities in a single coordinated release. The flaws span path traversal in configDependencies, arbitrary file deletion via patch-remove, hoisted alias escapes, manifest spoofing that bypasses allowBuilds, and stage download traversal. The highest-severity CVE scores CVSS 8.2.

This is not a vulnerability in a package. This is a vulnerability in the system that installs packages. The distinction matters: a malicious npm package affects projects that install it. A malicious lockfile manipulation affects every project that runs pnpm install.

8+
CVEs disclosed
Coordinated disclosure across multiple advisory IDs, June 26-27, 2026.
8.2
Highest CVSS
Path traversal in configDependencies allows writing outside node_modules.
Next.js, Nuxt, Astro, SvelteKit
Affected ecosystem
Major frameworks default to or recommend pnpm for monorepo and workspace management.

The Lockfile Attack Surface

The path traversal vulnerabilities are the most concerning. configDependencies — a pnpm-specific feature for running scripts during install — can be abused to write files outside the node_modules boundary. Combined with the manifest spoofing flaw (which bypasses allowBuilds restrictions), an attacker can craft a lockfile that executes arbitrary code on pnpm install without triggering any of pnpm's safety mechanisms.

The patch-remove arbitrary deletion vulnerability adds a destructive capability: a crafted pnpm-lock.yaml can delete files outside the project directory during patch cleanup. The hoisted alias escape allows a package to masquerade as another package in the hoisted dependency tree, enabling dependency confusion attacks at the package manager level.

Package Manager as Single Point of Failure

The supply chain security conversation has focused on malicious packages, typosquatting, and compromised maintainer accounts. pnpm's 8-CVE disclosure shifts the aperture: the package manager itself is a single point of failure that every package in the ecosystem flows through. A vulnerability here affects not one project, but every project that uses pnpm.

npm, yarn, and pnpm collectively process billions of installs per month. Each has had security vulnerabilities. But 8 in one disclosure — spanning path traversal, arbitrary deletion, manifest spoofing, and alias confusion — suggests a systemic underinvestment in package manager security relative to its criticality.

Action Required

Update pnpm immediately. Audit CI/CD pipelines that run pnpm install from untrusted sources (forked PRs, community contributions). If you accept lockfile changes in pull requests, those changes are now a confirmed attack vector. Consider lockfile-lint or similar tools that validate lockfile integrity before install.

Share this insight
More insights
Security & Trust

WordPress Invoice Generator: Unauthenticated Visitors Can Become Admin. CVSS 9.8. No Exploit Kit Required.

June 28, 2026 · 4 min
Read insight
Security & Trust

Node.js TLS Hostname Bypass: NVD Says CVSS 9.8. HackerOne Says 5.6. Every Framework Built on Node Is Caught in the Middle.

June 28, 2026 · 6 min
Read insight
Security & Trust

Nezha Monitoring: Pre-Auth Config Leak + Cross-Tenant Terminal Hijack. The Observability Pattern Continues.

June 28, 2026 · 5 min
Read insight