pnpm, Credential Leakage, CVE-2026-50017 (Critical) -DC-Jun2026-723


How CVE-2026-50017 Works

CVE-2026-50017 is a critical credential leakage vulnerability in the pnpm package manager. It lies in how pnpm resolves authentication tokens when it merges user-level and repository-level `.npmrc` files: pnpm does not keep the authentication context of one registry endpoint isolated from another.
The attack scenario starts with a victim whose global or user-level npm configuration contains a default `registry=` and an unscoped `_authToken`, intended only for that default registry. The attacker publishes a repository that ships its own `.npmrc`. That file carries no credentials; it only sets `registry=` to a registry URL the attacker controls.
During normal operations such as `pnpm install` or `pnpm view`, pnpm merges the user-level and repository-level configurations. In its auth-header flow it reads the unscoped credential from the merged configuration and stores it as the default credential, then maps that default credential to the effective default registry, which the repository-local `.npmrc` has just changed. The result is that a higher-trust, user-origin unscoped credential is bound to the lower-trust, repository-selected registry and sent to it as an `Authorization: Bearer` header.
This behaviour was confirmed in pnpm 10.33.2, 11.1.3 and 11.2.1. npm 10.9.7, given the same unscoped `_authToken` configuration, rejects it with `ERR_INVALID_AUTH` and sends no header. The leak happens before any package lifecycle script runs, so it needs no code execution from a package, and `--ignore-scripts` does not prevent it. The fix in pnpm 10.34.0 and 11.4.0 adds credential isolation so that the unscoped credential is no longer propagated automatically to a repository-selected registry.

DailyCVE Form:

Platform: pnpm
Version: <10.34.0, <11.4.0
Vulnerability: Credential Leakage
Severity: Critical
Date: 2026-06-25

Prediction: 2026-06-25

What Undercode Say: Analytics

The core of the attack is the configuration merge. To check whether you are exposed, audit both your user-level `.npmrc` and the `.npmrc` of any repository you run pnpm in. The user-level check below only flags unscoped keys; URL-scoped entries begin with `//` and are not matched.

Check for vulnerable configurations:

# Check user-level .npmrc for unscoped credentials
grep -E '^(_authToken|_auth|username|_password)=' ~/.npmrc
# Check repository-level .npmrc for a registry override
grep -E '^registry=' .npmrc
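The configuration merge described in the "How CVE-2026-50017 Works" section, and the check that the two grep commands above make by hand, as an added example that is not pnpm's code and not the report's reproducer: a simplified Python model that parses a user-level and a repository-level `.npmrc` (both constructed here; the attacker registry is a placeholder loopback URL), merges them with project-over-user precedence, and resolves the credential for the effective registry under two policies. The non-strict policy follows the description above (an unscoped `_authToken` becomes the default credential for whatever registry is effective after the merge); the strict policy follows npm's rule of rejecting an unscoped token with `ERR_INVALID_AUTH`. It does not model the exact logic of the pnpm fix, which the page does not describe. It also shows why a URL-scoped token, the workaround given in the Protection section, is never attached to the attacker's registry. The function names (`parse_npmrc`, `nerf_dart`, `resolve_auth_header`, `audit`) are this example's own.

```python
"""Added example (not pnpm's code): a simplified model of how an unscoped
_authToken ends up bound to a repository-selected registry.

The .npmrc samples are constructed for this example; the attacker registry
is a placeholder loopback URL.  The two policies in resolve_auth_header are
assumptions: strict=False follows the vulnerable behaviour described in the
advisory, strict=True follows npm's ERR_INVALID_AUTH rule.
"""
from urllib.parse import urlparse

DEFAULT_REGISTRY = "https://registry.npmjs.org/"

# Constructed sample: a user-level .npmrc with an unscoped token ...
USER_NPMRC = """\
registry=https://registry.npmjs.org/
_authToken=npm_USERLEVEL_TOKEN_EXAMPLE
"""

# ... and an attacker's repository-level .npmrc holding only a registry override.
PROJECT_NPMRC = """\
; no credentials here, just a redirect to a registry the attacker runs
registry=http://127.0.0.1:4874/
"""


def parse_npmrc(text):
    """Parse ini-style key=value lines; lines starting with '#' or ';' are comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def merge(user_cfg, project_cfg):
    """Layer the configs: repository-level keys override user-level keys."""
    merged = dict(user_cfg)
    merged.update(project_cfg)
    return merged


def nerf_dart(registry):
    """Scheme-less registry prefix that scopes a credential:
    https://registry.npmjs.org/ -> //registry.npmjs.org/"""
    u = urlparse(registry)
    path = u.path if u.path.endswith("/") else u.path + "/"
    return "//" + u.netloc + path


def resolve_auth_header(merged, strict):
    """Return (effective_registry, authorization_header_or_None, reason).

    strict=False models the vulnerable flow: an unscoped _authToken is the
    'default credential' and is attached to whatever registry is effective
    after the merge, even one chosen by the repository.
    strict=True models the safe rule: only a credential scoped to the
    effective registry is used, and an unscoped token is rejected.
    """
    registry = merged.get("registry", DEFAULT_REGISTRY)
    scoped_key = nerf_dart(registry) + ":_authToken"
    if scoped_key in merged:
        return registry, "Bearer " + merged[scoped_key], "scoped"
    if "_authToken" in merged:
        if strict:
            return registry, None, "ERR_INVALID_AUTH"
        return registry, "Bearer " + merged["_authToken"], "unscoped-default"
    return registry, None, "no-credential"


def audit(user_cfg, project_cfg):
    """Flag the risky combination the grep checks look for: an unscoped
    credential in the user config plus a project-level registry override
    that points somewhere other than the user's registry."""
    findings = []
    unscoped = [k for k in ("_authToken", "_auth", "username", "_password") if k in user_cfg]
    if unscoped:
        findings.append("user-level unscoped credential(s): " + ", ".join(unscoped))
    user_reg = user_cfg.get("registry", DEFAULT_REGISTRY)
    proj_reg = project_cfg.get("registry")
    if proj_reg and nerf_dart(proj_reg) != nerf_dart(user_reg):
        findings.append("project .npmrc redirects registry to " + proj_reg)
    return findings


if __name__ == "__main__":
    user, project = parse_npmrc(USER_NPMRC), parse_npmrc(PROJECT_NPMRC)
    merged = merge(user, project)
    for strict in (False, True):
        print("strict=%s -> %s" % (strict, resolve_auth_header(merged, strict)))
    print("audit:", audit(user, project))
```

Run it and the non-strict policy hands the user-level token to `http://127.0.0.1:4874/`, which is exactly the binding the advisory describes; the strict policy returns `ERR_INVALID_AUTH` and no header. Replace the unscoped line in `USER_NPMRC` with `//registry.npmjs.org/:_authToken=...` and neither policy attaches anything to the attacker's registry, because the scoped key never matches its nerf-dart.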

The official reproducer provided in the vulnerability report is a Python script that sets up two loopback registries to demonstrate the leak.

Run the official reproducer:

# Save the reproducer as repro.py and run it
python3 repro.py

Expected output for a vulnerable version:

TARGET_VERSION=pnpm 11.2.1; npm 10.9.7
ENVIRONMENT_READY
...
OBSERVED_PNPM_AUTH_HITS=3
OBSERVED_NPM_AUTH_HITS=0
CHECK pnpm_leaked=true npm_control_held=true result=pass
VULNERABLE_BEHAVIOR_CONFIRMED

Exploit

An attacker exploits this by publishing a repository whose `.npmrc` points `registry=` at an attacker-controlled registry. When a victim whose user-level configuration holds an unscoped `_authToken` runs `pnpm install` (or `pnpm view`) in that repository, pnpm sends the token to the attacker's registry. The attacker captures it there and can replay it against the real registry for whatever the token authorizes, such as reading the victim's private packages.

Protection

To protect against this vulnerability, upgrade pnpm to a patched version: 10.34.0 or later on the 10.x line, 11.4.0 or later on 11.x. Verify the installed version afterwards, since a stale global install or corepack pin can silently keep the old one.

Upgrade pnpm:

# Upgrade to the latest patched version
npm install -g pnpm@latest
# Or pin the version with corepack (use pnpm@10.34.0 on the 10.x line)
corepack prepare pnpm@11.4.0 --activate

As a workaround, do not keep an unscoped `_authToken` in your user-level configuration; use a URL-scoped token instead. A URL-scoped token is only attached to requests to the registry it is scoped to, so a repository-local `registry=` override pointing elsewhere receives no credential. Apply the same check to `.npmrc` files on CI runners and build agents, which often carry long-lived tokens, and rotate any unscoped token that has already been used to run pnpm inside untrusted repositories.

Use URL-scoped tokens:

# Instead of:
_authToken=your-token
# Use a URL-scoped token in your .npmrc:
//registry.npmjs.org/:_authToken=your-token

Impact

This vulnerability discloses npm registry credentials from a user's higher-trust configuration to a registry endpoint selected by an untrusted repository. An attacker who controls the repository captures those credentials and can gain unauthorized access to the victim's private packages, or take any other action the token authorizes, opening the door to data breaches and supply chain attacks. It is particularly critical in enterprise environments where a single user-level token grants access to internal packages behind otherwise strict access controls.


Sources:

Reported By: github.com
