CVE-2026-50016 is a high-severity security vulnerability in pnpm (npm), affecting versions < 10.34.0. It is fixed in 10.34.0, 11.4.0.
Summary pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause pnpm install - ignore-scripts to replace paths in the current project with symlinks to attacker-controlled dependency package directories. .git/hooks is only one useful target. The same primitive can replace other project-local paths that are consumed by later tools, for example: .husky or .githooks for Git hook dispatchers scripts/, tools/, bin/, or tests/ for project scripts and CI commands .github/actions/<name> for local GitHub Actions used later in the workflow dist/ or other publish/build output directories before pnpm pack or pnpm publish nodemodules/.bin or undeclared nodemodules/<name> paths used by later command or module resolution Targets that are regular files can also be replaced with symlinks to a package directory, but those cases are usually denial of service. Directory targets are more useful because many developer tools execute or load files from those directories after installation. This was reproduced with [email protected]. Impact Users often run pnpm install --ignore-scripts expecting that untrusted package code cannot execute during installation. This issue bypasses that expectation: the malicious package does not need a lifecycle script. Instead, it silently rewires project files or directories during install, and the payload runs when the user or CI later executes another normal command. Examples include git commit, pnpm test, pnpm run build, a CI step that uses a local GitHub Action, or pnpm publish packaging a replaced dist/ directory. In this PoC, the victim installs a normal registry package, the transitive malicious package replaces .git/hooks, and the payload runs when the victim later executes git commit. Root Cause pnpm preserves dependency alias names from package metadata and later passes those aliases into dependency linking as path components. The alias is joined with the destination nodemodules directory and passed to the symlink creation logic without rejecting .. segments or checking that the normalized result stays inside the intended nodemodules directory. Conceptually, a transitive alias like this: is eventually treated like: The normalized destination escapes the dependency's node_modules directory and lands at the victim project's .git/hooks path. pnpm then creates a symlink at that escaped destination to the resolved payload-hooks package directory. The dependency chain is: The malicious transitive package metadata contains: Because this uses an npm: registry alias, it does not rely on a transitive file: or link: dependency. Proof Of Concept Run: The script starts a local npm-compatible registry, writes a victim project .npmrc that points to that registry, installs [email protected] with --ignore-scripts, and then triggers git commit. Requirements: Expected output: PWNED is printed by the attacker-controlled pre-commit hook from the payload-hooks package.
CVE-2026-50016 has a CVSS score of 8.8 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
A fixed version is available (10.34.0, 11.4.0). Upgrading removes the vulnerable code path.
npm
pnpm (< 10.34.0)pnpm (>= 11.0.0, < 11.4.0)pnpm → 10.34.0 (npm)pnpm → 11.4.0 (npm)Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether CVE-2026-50016 is reachable in your applications. Explore open-source security for your team.
See if CVE-2026-50016 is reachable in your applications. Get a demo
Already deployed Kodem? See CVE-2026-50016 in your environment →Upgrade the following packages to resolve this vulnerability:
pnpm to 10.34.0 or laterpnpm to 11.4.0 or laterKodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
CVE-2026-50016 is a high-severity security vulnerability in pnpm (npm), affecting versions < 10.34.0. It is fixed in 10.34.0, 11.4.0.
CVE-2026-50016 has a CVSS score of 8.8 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
pnpm (npm) versions < 10.34.0 is affected.
Yes. CVE-2026-50016 is fixed in 10.34.0, 11.4.0. Upgrade to this version or later.
Whether CVE-2026-50016 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
pnpm to 10.34.0 or laterpnpm to 11.4.0 or later