A vulnerability classified as critical was found in pnpm up to 10.34.3/11.6.x. Affected is an unknown function of the component Lockfile Handler. Executing a manipulation can lead to escaping of output.
The identification of this vulnerability is CVE-2026-59196. The attack may be launched remotely. There is no exploit available.