A vulnerability, which was classified as critical , has been found in pnpm up to 10.34.1/11.5.2 . Impacted is an unknown function. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-55699 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.