A vulnerability labeled as critical has been found in pnpm up to 10.33.3/11.3.x . Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2026-50015 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.