CVE-2026-23888 | pnpm up to 10.28.0 Prefix path traversal (GHSA-6pfh-p556-v868)

Inserito da Angelo Barbosa | Gen 27, 2026 | CVE

A vulnerability was found in pnpm up to 10.28.0. It has been classified as critical. Affected by this issue is some unknown functionality of the component Prefix Handler. The manipulation leads to path traversal.

This vulnerability is listed as CVE-2026-23888. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-23888 | pnpm up to 10.28.0 Prefix path traversal (GHSA-6pfh-p556-v868)

Post correlati

CVE-2025-27108 | ryansolid dom-expressions up to 0.39.4 replace cross site scripting (GHSA-hw62-58pr-7wc5)

CVE-2024-6084 | itsourcecode Pool of Bethesda Online Reservation System up to 1.0 controller.php uploadImage image unrestricted upload

CVE-2024-30149 | HCL AppScan Source up to 10.6.0 SSL Certificate certificate validation (KB0116990)

CVE-2024-0599 | Jspxcms 10.2.0 Document Management Page InfoController.java title cross site scripting