A vulnerability was found in pnpm up to 10.33.3/11.3.x . It has been classified as problematic . The affected element is an unknown function of the file pnpm-lock.yaml . The manipulation leads to insufficient verification of data authenticity. This vulnerability is listed as CVE-2026-50573 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.