A vulnerability has been found in pnpm up to 10.33.3/11.3.x and classified as critical . The impacted element is an unknown function of the component Lockfile Handler . The manipulation leads to argument injection. This vulnerability is referenced as CVE-2026-50014 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.