A vulnerability was found in pnpm up to 10.33.x/11.3.x and classified as problematic . Impacted is an unknown function of the file pnpm-lock.yaml . Executing a manipulation of the argument Integrity can lead to improper validation of integrity check value. This vulnerability is tracked as CVE-2026-50021 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.