CVE-2026-59195 | pnpm up to 10.34.3/11.7.x Config Dependency pnpm-lock.yaml symlink
A vulnerability identified as critical has been detected in pnpm up to 10.34.3/11.7.x. Impacted is an unknown function of the file pnpm-lock.yaml of the component Config Dependency Handler. The manipulation leads to symlink following.
This vulnerability is traded as CVE-2026-59195. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More