CVE-2026-50573 | pnpm up to 10.33.3/11.3.x pnpm-lock.yaml data authenticity

A vulnerability was found in pnpm up to 10.33.3/11.3.x. It has been classified as problematic. The affected element is an unknown function of the file pnpm-lock.yaml. The manipulation leads to insufficient verification of data authenticity.

This vulnerability is listed as CVE-2026-50573. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More