CVE-2026-55698 in pnpm
Summary
by MITRE • 06/25/2026
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching. This vulnerability is fixed in 10.34.2 and 11.5.3.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/25/2026
This vulnerability affects pnpm package manager versions prior to 10.34.2 and 11.5.3, creating a significant security risk through improper trust of committed lockfile metadata. The flaw lies in how pnpm handles bootstrap metadata persistence within the first YAML document of pnpm-lock.yaml files, which can contain packageManagerDependencies entries that are blindly trusted during execution. When a repository contains a committed lockfile with matching pnpm and @pnpm/exe versions, the system automatically trusts these resolved package manager dependencies without revalidating them against current system state.
The technical implementation of this vulnerability stems from insufficient validation mechanisms that allow malicious actors to manipulate lockfile contents in ways that bypass normal package resolution processes. Attackers can commit specific package records and snapshots to the repository that appear legitimate but contain malicious payloads designed to execute during automatic version switching operations. This creates a persistent threat vector where compromised repositories can silently install and execute arbitrary code without user intervention or explicit approval.
The operational impact of this vulnerability spans multiple security domains including supply chain integrity, privilege escalation, and code execution. The issue directly relates to CWE-829, which addresses incomplete input validation in package managers, and aligns with ATT&CK techniques involving supply chain compromise and malicious code injection. When exploited, this vulnerability allows attackers to achieve arbitrary code execution through the package manager's automatic resolution mechanisms, potentially compromising development environments, CI/CD pipelines, and production systems that rely on pnpm for dependency management.
Organizations using affected pnpm versions face elevated risk of supply chain attacks where malicious dependencies can be silently installed and executed during routine package installations. The vulnerability demonstrates a critical flaw in trust assumptions within package managers, where committed metadata is treated as authoritative without proper validation against current security contexts. This affects not only individual developers but also enterprise environments that depend on pnpm for consistent dependency resolution across multiple systems.
Mitigation strategies should prioritize immediate upgrade to patched versions 10.34.2 and 11.5.3, which implement proper validation of package manager dependencies before trust is established. Security teams should conduct comprehensive audits of existing lockfiles to identify potentially compromised repository states, while implementing additional verification mechanisms such as lockfile integrity checks and dependency signature validation. Organizations should also consider implementing automated security scanning for package manager metadata and establishing secure development practices that prevent unauthorized modifications to lockfile contents. The fix addresses core trust model issues by ensuring that package manager resolution occurs with proper validation rather than relying on potentially compromised committed states, thereby aligning with industry best practices for secure software supply chain management.