pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48995.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-353"
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "10.33.4"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.7"
}
]
}