CVE-2026-55700 | pnpm up to 11.5.2 Manifest name/version path traversal

Inserito da Angelo Barbosa | Giu 25, 2026 | CVE

A vulnerability was found in pnpm up to 11.5.2. It has been classified as critical. This impacts an unknown function of the component Manifest Handler. This manipulation of the argument name/version causes path traversal.

This vulnerability is tracked as CVE-2026-55700. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-55700 | pnpm up to 11.5.2 Manifest name/version path traversal

Post correlati

CVE-2023-27150 | openCRX 5.2.0 Manage Activity Name cross site scripting

CVE-2026-33862 | Siemens Teamcenter cross site scripting (ssa-827383)

CVE-2026-26354 | Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.10/8.6 stack-based overflow (dsa-2026-060)

CVE-2026-44705 | raszi node-tmp up to 0.2.5 Temporary Directory path traversal