pnpm, Path Traversal, GHSA-72r4-9c5j-mj57 (Medium) -DC-Jun2026-732


The `patch-remove` deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. The root cause is path traversal in `pnpm patch-remove`: a patch entry whose path contains `../` sequences or is absolute could resolve outside the configured patches directory, and the command deleted whatever it resolved to. An attacker who can supply such an entry, for example through a workspace's `patchedDependencies` configuration, can therefore delete any file reachable by the user who runs `pnpm patch-remove`.
The fix validates the configured patches directory and every resolved target before unlinking anything, and the whole batch is validated before any file is removed, so one bad entry aborts the operation instead of leaving it half done. Traversal and absolute paths that resolve outside the configured patches directory are rejected. Parent directories are canonicalized before deletion, which also covers the case where a nested symlink points outside the project and the final outside entry is itself a dangling symlink. The containment predicates are component-aware: a name that merely begins with `..` (a file called `..foo`, say) is accepted as an ordinary name, while a literal `..` component, a Windows drive-letter escape, and a UNC path escape are rejected. Valid files continue to work, as do symlinked patch directories whose canonical targets remain below the lockfile directory. A final symlink inside a valid patch directory is unlinked without following its target, including when that target lies outside the project or is dangling.
Before the fix, a workspace `patchedDependencies` path that resolved outside the project caused `pnpm patch-remove` to delete a sentinel file placed outside the project. A second replay used a nested parent symlink and a dangling victim outside the project: `realpath()` on the full path failed with ENOENT, yet the victim was still removed, since the failed canonicalization did not stop the deletion. With the fix, both entries are rejected and the outside entries remain intact.
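The checks described above, written out as an added example in TypeScript (pnpm's own language). This is not pnpm's code and does not reproduce its `isSubdirectory.ts` or `patchRemove.ts`; the function names, the `lockfileDir`/`patchesDir`/`entries` parameters, the decision to require canonicalized parents to stay below the patches directory, and the on-disk fixture (`buildFixture`, which lays out a throwaway project with the two replays from the advisory) are all assumptions of this example.

```typescript
import * as fs from 'node:fs'
import * as os from 'node:os'
import * as path from 'node:path'

// Component-aware containment check (illustrative, not pnpm's predicate).
// `candidate` may be relative to `base` or absolute. It is accepted only when
// the resolved path stays at or below `base`; a component that merely begins
// with `..` (e.g. `..foo`) is an ordinary name, whereas a literal `..`
// component, an absolute path, a drive-letter escape or a UNC path is not.
// Pass `path.win32` as `p` to evaluate Windows semantics on any host.
export function isSubdirectory(base: string, candidate: string, p: path.PlatformPath = path): boolean {
  const resolved = p.resolve(base, candidate)
  const rel = p.relative(p.resolve(base), resolved)
  if (rel === '') return true
  // On win32, a different drive or a UNC root comes back as an absolute path.
  if (p.isAbsolute(rel)) return false
  // After normalization, parent traversal survives only as a leading `..` component.
  return rel.split(p.sep)[0] !== '..'
}

// Validate the whole batch first and return canonical paths; nothing is deleted here.
export function planRemovals(lockfileDir: string, patchesDir: string, entries: string[]): string[] {
  const realLockfileDir = fs.realpathSync(lockfileDir)
  // A symlinked patches directory is fine as long as its canonical target stays below the lockfile directory.
  const realPatchesDir = fs.realpathSync(patchesDir)
  if (!isSubdirectory(realLockfileDir, realPatchesDir)) {
    throw new Error(`patches directory ${patchesDir} resolves outside ${lockfileDir}`)
  }
  const targets: string[] = []
  for (const entry of entries) {
    // 1. Lexical check on the configured entry: rejects `../`, absolute paths,
    //    drive letters and UNC prefixes before touching the disk.
    if (!isSubdirectory(realPatchesDir, entry)) {
      throw new Error(`patch entry ${JSON.stringify(entry)} escapes the patches directory`)
    }
    const target = path.resolve(realPatchesDir, entry)
    if (target === realPatchesDir) throw new Error('refusing to remove the patches directory itself')
    // 2. Canonicalize the *parent* only. realpath() on the full path would throw
    //    ENOENT for a dangling final entry and hide a parent symlink that points
    //    outside; the parent itself must exist and must still be inside.
    const realParent = fs.realpathSync(path.dirname(target))
    if (!isSubdirectory(realPatchesDir, realParent)) {
      throw new Error(`parent of ${JSON.stringify(entry)} resolves outside ${patchesDir}`)
    }
    // 3. The final component is never followed: lstat looks at the entry itself.
    const finalPath = path.join(realParent, path.basename(target))
    fs.lstatSync(finalPath) // throws ENOENT when the entry does not exist at all
    targets.push(finalPath)
  }
  return targets
}

// Delete only after the entire batch has passed validation.
export function removePatches(lockfileDir: string, patchesDir: string, entries: string[]): string[] {
  const targets = planRemovals(lockfileDir, patchesDir, entries)
  for (const t of targets) {
    // unlink/rm act on the directory entry, so a symlink is removed without
    // following it, whether its target is inside, outside or dangling.
    if (fs.lstatSync(t).isDirectory()) fs.rmSync(t, { recursive: true })
    else fs.unlinkSync(t)
  }
  return targets
}

// Constructed fixture for the advisory's two replays (made up for this example).
export function buildFixture(): { root: string; outside: string } {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'patch-remove-')))
  const root = path.join(base, 'project')      // lockfile directory
  const outside = path.join(base, 'outside')   // victim directory, not below root
  const patches = path.join(root, 'patches')
  fs.mkdirSync(patches, { recursive: true })
  fs.mkdirSync(outside)
  fs.writeFileSync(path.join(patches, 'lodash@4.17.21.patch'), '--- a\n+++ b\n')
  fs.writeFileSync(path.join(patches, '..keep.patch'), '')                          // valid name starting with ..
  fs.writeFileSync(path.join(outside, 'sentinel'), 'do not delete')
  fs.symlinkSync(outside, path.join(patches, 'nested'))                             // parent symlink pointing outside
  fs.symlinkSync(path.join(base, 'missing'), path.join(outside, 'victim'))          // dangling victim outside the project
  fs.symlinkSync(path.join(outside, 'sentinel'), path.join(patches, 'to-outside'))  // final symlink, target outside
  fs.symlinkSync(path.join(base, 'missing'), path.join(patches, 'dangling'))        // final symlink, dangling
  return { root, outside }
}

// Small helper so callers can check that a plan is rejected.
export function rejects(fn: () => unknown): boolean {
  try { fn(); return false } catch { return true }
}
```

The order matters: the lexical check runs on the configured string, the parent is canonicalized with `realpath()` while the last component is examined with `lstat()` and deleted with `unlink()`, and `planRemovals` finishes for every entry before `removePatches` touches anything. Swapping `realpath()` on the parent for `realpath()` on the full path is exactly what let the dangling-victim replay through.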

DailyCVE Form:

Platform: pnpm
Version: 10.x before 10.34.4; 11.x before 11.7.0
Vulnerability: Path Traversal
Severity: Medium
Date: 2026-06-27

Prediction: 2026-06-27 (Patched)

What Undercode Say:

Focused handler and path-predicate suites:
$ pnpm --filter @pnpm/patching.commands test test/isSubdirectory.test.ts test/patchRemove.test.ts
PASS: 11 tests across 2 suites

Package TypeScript build:
$ pnpm --filter @pnpm/patching.commands run compile
PASS

Git diff check:
$ git diff --check
PASS

Exploit:

A crafted patch entry whose path contains `../` sequences or is absolute resolves outside the configured patches directory. A nested parent symlink combined with a dangling victim outside the project makes `realpath()` on the full path return ENOENT, yet the unpatched command still deletes the victim. The attacker needs a way to place the entry in the project's patch configuration, and the deletion only happens when the user runs `pnpm patch-remove` on that entry.

Protection:

Update pnpm to version 10.34.4 or 11.7.0 or later. The patch introduces component-aware containment checks in `isSubdirectory.ts` and validates the full batch in `patchRemove.ts` before deleting anything, canonicalizing parent directories and unlinking final entries without following them. Until the update is applied, review `patchedDependencies` entries from untrusted workspaces for `..` components and absolute paths before running `pnpm patch-remove`.

Impact:

An attacker who can plant a crafted patch entry in a project's configuration can delete arbitrary files reachable by the user who runs `pnpm patch-remove`, with that user's filesystem permissions. The deletion is triggered when the command processes an entry that resolves outside the configured patches directory.


Sources:

Reported By: github.com
