CVE-2026-50014 | pnpm up to 10.33.3/11.3.x Lockfile argument injection

Inserito da Angelo Barbosa | Giu 25, 2026 | CVE

A vulnerability has been found in pnpm up to 10.33.3/11.3.x and classified as critical. The impacted element is an unknown function of the component Lockfile Handler. The manipulation leads to argument injection.

This vulnerability is referenced as CVE-2026-50014. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.

CVE-2026-50014 | pnpm up to 10.33.3/11.3.x Lockfile argument injection

Post correlati

CVE-2024-22391 | Mathieu Malaterre Grassroot DICOM 3.0.23 File LookupTable::SetLUT memory corruption (TALOS-2024-1924)

CVE-2024-30188 | Apache DolphinScheduler up to 3.2.2 Resource File access control

CVE-2024-12011 | Nozomi Zettler 12h buffer over-read

CVE-2025-0874 | code-projects Simple Plugins Car Rental Management 1.0 /admin/approve.php id sql injection