A vulnerability was found in pnpm up to 11.5.2 . It has been classified as critical . This impacts an unknown function of the component Manifest Handler . This manipulation of the argument name/version causes path traversal. This vulnerability is tracked as CVE-2026-55700 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.