CVE-2026-55698 | pnpm up to 10.34.1/11.5.2 pnpm-lock.yaml data authenticity

A vulnerability was found in pnpm up to 10.34.1/11.5.2. It has been rated as critical. This affects an unknown function of the file pnpm-lock.yaml. This manipulation causes insufficient verification of data authenticity.

This vulnerability is registered as CVE-2026-55698. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More