CVE-2026-24131 | pnpm up to 10.28.1 path.join directories.bin path traversal (GHSA-v253-rj99-jwpq)

Inserito da Angelo Barbosa | Gen 27, 2026 | CVE

A vulnerability, which was classified as critical, has been found in pnpm up to 10.28.1. This affects the function path.join. This manipulation of the argument directories.bin causes path traversal.

The identification of this vulnerability is CVE-2026-24131. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-24131 | pnpm up to 10.28.1 path.join directories.bin path traversal (GHSA-v253-rj99-jwpq)

Post correlati

CVE-2024-1552 | Mozilla Firefox up to 122 on 32-bit ARM Remote Code Execution

CVE-2025-59997 | Juniper Junos Space up to 24.1R3 cross site scripting (JSA103140)

CVE-2025-1937 | Mozilla Thunderbird up to 135 memory corruption

CVE-2024-50079 | Linux Kernel up to 6.11.4 io_uring_cancel_generic state issue (887ba598d9cf/8f7033aa4089)