CVE-2026-55697 | pnpm up to 10.34.1/11.5.2 pnpm-workspace.yaml os command injection

A vulnerability classified as critical was found in pnpm up to 10.34.1/11.5.2. This issue affects some unknown processing of the file pnpm-workspace.yaml. Such manipulation leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-55697. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More