A vulnerability was found in pnpm up to 10.34.1/11.5.2 . It has been rated as critical . This affects an unknown function of the file pnpm-lock.yaml . This manipulation causes insufficient verification of data authenticity. This vulnerability is registered as CVE-2026-55698 . Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.