A vulnerability marked as critical has been reported in pnpm up to 10.33.3/11.3.x . Affected by this issue is some unknown functionality. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2026-50016 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.