A vulnerability categorized as problematic has been discovered in pnpm up to 10.33.3/11.0.6 . This impacts an unknown function. Such manipulation leads to missing support for integrity check. This vulnerability is documented as CVE-2026-48995 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.