CVE-2026-55699— pnpm 全局移除时保留 bin 名导致 PNPM_HOME 删除
Possible ATT&CK Techniques 2AI
T1105 · Ingress Tool Transfer T1059 · Command and Scripting Interpreter新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-55699の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
pnpm: reserved bin name deletes PNPM_HOME during global remove
ソース: NVD (National Vulnerability Database)
脆弱性説明
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest and pass path.join(globalBinDir, binName) to removeBin. For "." this targets the global bin directory; for ".." this targets its parent. This vulnerability is fixed in 10.34.2 and 11.5.3.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对路径名的限制不恰当(路径遍历)
ソース: NVD (National Vulnerability Database)
影響を受ける製品
II. CVE-2026-55699の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-55699のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-55699 其他参考 (1)
Same Patch Batch · pnpm · 2026-06-25 · 13 CVEs total
| CVE-2026-50016 | 8.8 HIGH | pnpm: Transitive dependency alias path traversal allows project path override via symlink |
| CVE-2026-55698 | 8.8 HIGH | pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfi |
| CVE-2026-55487 | 7.5 HIGH | pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle |
| CVE-2026-55697 | 7.5 HIGH | pnpm: Repository-controlled configDependencies can select a pacquet native install engine |
| CVE-2026-50015 | 7.3 HIGH | pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal) |
| CVE-2026-55700 | 7.1 HIGH | pnpm: stage download writes outside destination via manifest version traversal |
| CVE-2026-50021 | 6.8 MEDIUM | pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field |
| CVE-2026-50573 | 6.8 MEDIUM | pnpm: Unsafe default behavior breaks integrity check |
| CVE-2026-55180 | 6.5 MEDIUM | pnpm: Repository config can expand victim environment secrets into registry requests befor |
| CVE-2026-50014 | 6.4 MEDIUM | pnpm: Git Fetch Argument Injection via Lockfile resolution.commit |
| CVE-2026-48995 | pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile | |
| CVE-2026-50017 | pnpm binds unscoped user-level npm auth credentials to a repository-selected registry |
IV. 関連脆弱性
同じ製品: pnpm
- CVE-2026-55180
pnpm: Repository config can expand victim environment secret - CVE-2026-48995
pnpm: Tarball hash of GitHub git dependencies is not stored - CVE-2026-50017
pnpm binds unscoped user-level npm auth credentials to a rep - CVE-2026-50016
pnpm: Transitive dependency alias path traversal allows proj - CVE-2026-50015
pnpm: Arbitrary File Write/Delete via Malicious Patch File (
同じベンダー: pnpm
- CVE-2026-55180
pnpm: Repository config can expand victim environment secret - CVE-2026-48995
pnpm: Tarball hash of GitHub git dependencies is not stored - CVE-2026-50017
pnpm binds unscoped user-level npm auth credentials to a rep - CVE-2026-50016
pnpm: Transitive dependency alias path traversal allows proj - CVE-2026-50015
pnpm: Arbitrary File Write/Delete via Malicious Patch File (
同じ弱点: CWE-22
- CVE-2026-54557
mise HTTP backend uses raw version path for install symlink - CVE-2026-56876
extract-zip unvalidated symlink path traversal - CVE-2026-55677
Echo: Encoded slash (%2F) bypasses route-level protection an - CVE-2026-57321
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vul - CVE-2026-56066
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbi
V. CVE-2026-55699へのコメント
まだコメントはありません