CVE-2026-24056 Overview
CVE-2026-24056 is a symlink attack vulnerability in pnpm, a popular Node.js package manager. Prior to version 10.28.2, pnpm follows symlinks and reads their target contents without constraining them to the package root when installing file: (directory) or git: dependencies. A malicious package containing a symlink to an absolute path (e.g., /etc/passwd, ~/.ssh/id_rsa) causes pnpm to copy that file's contents into node_modules, leading to local data exfiltration.
Critical Impact
This vulnerability can lead to credential theft through symlinks targeting sensitive files such as ~/.aws/credentials, ~/.npmrc, and ~/.ssh/id_rsa, impacting developers and CI/CD pipelines installing local or git dependencies.
Affected Products
- pnpm versions prior to 10.28.2
- Node.js environments using pnpm with file: dependencies
- CI/CD pipelines installing git: dependencies via pnpm
Discovery Timeline
- 2026-01-26 - CVE-2026-24056 published to NVD
- 2026-01-28 - Last updated in NVD database
Technical Details for CVE-2026-24056
Vulnerability Analysis
This vulnerability stems from improper handling of symbolic links during the package installation process. When pnpm processes file: or git: dependencies, it follows symlinks without validating whether the target path resides within the package's root directory. This lack of path constraint validation allows an attacker to craft a malicious package containing symlinks that point to arbitrary files on the system.
The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-59 (Improper Link Resolution Before File Access). Notably, registry packages published to npm are not affected because symlinks are stripped during the publish process. The attack requires local interaction, making it primarily a threat to developers installing local dependencies or CI/CD systems processing git-based dependencies.
Root Cause
The root cause is the failure to properly resolve and validate symlink targets before copying file contents during dependency installation. The pnpm installation logic did not implement proper symlink boundary checks, allowing path traversal outside the intended package directory. When encountering a symlink, pnpm would resolve and read the target file regardless of its location on the filesystem.
Attack Vector
The attack vector requires an attacker to distribute a malicious package containing crafted symlinks pointing to sensitive files. When a victim installs this package as a file: or git: dependency, pnpm follows the symlinks and copies the contents of targeted files (such as SSH keys, AWS credentials, or npm tokens) into the node_modules directory. The attacker can then access these leaked credentials through the installed package contents.
The attack flow involves:
- Attacker creates a malicious package with symlinks to sensitive paths like ~/.ssh/id_rsa or ~/.aws/credentials
- Package is distributed via git repository or local file path
- Victim runs pnpm install with the malicious dependency
- pnpm follows symlinks and copies sensitive file contents into node_modules
- Attacker gains access to leaked credentials through package post-install scripts or other mechanisms
Detection Methods for CVE-2026-24056
Indicators of Compromise
- Unexpected files appearing in node_modules directories that match system configuration files
- Package dependencies containing symlinks pointing to absolute paths outside the package root
- Unusual file access patterns during pnpm install operations targeting sensitive directories like ~/.ssh/, ~/.aws/, or ~/.npmrc
Detection Strategies
- Monitor file system operations during package installation for symlink resolution to sensitive paths
- Audit file: and git: dependencies in package.json files for untrusted or unfamiliar sources
- Implement file integrity monitoring on sensitive credential files to detect unauthorized reads
- Review CI/CD pipeline logs for unexpected file access during dependency installation
Monitoring Recommendations
- Enable audit logging for file system operations in development and CI/CD environments
- Configure alerts for pnpm installation processes accessing files outside expected package directories
- Regularly scan node_modules directories for unexpected file contents matching known sensitive file patterns
- Monitor for outbound data exfiltration attempts following package installation events
How to Mitigate CVE-2026-24056
Immediate Actions Required
- Upgrade pnpm to version 10.28.2 or later immediately
- Audit existing file: and git: dependencies in all projects for potential malicious symlinks
- Review CI/CD pipeline configurations that install dependencies from git repositories
- Rotate credentials that may have been exposed if vulnerable pnpm versions were used with untrusted dependencies
Patch Information
The vulnerability has been addressed in pnpm version 10.28.2. The fix adds symlink boundary validation during dependency installation, so that a symlink whose resolved target lies outside the package root is no longer followed and copied. For details of the change, see the fix commit on GitHub and the GitHub Security Advisory GHSA-m733-5w8f-5ggw.
Workarounds
- Avoid installing dependencies from untrusted file: or git: sources until the upgrade is applied
- Manually inspect packages for symlinks before installation using find . -type l -ls within the package directory
- Run pnpm installations in isolated containers with limited access to sensitive files
- Use npm registry packages instead of local file or git dependencies where possible, as registry packages have symlinks stripped during publish
# Upgrade pnpm to patched version
npm install -g pnpm@10.28.2
# Verify installed pnpm version
pnpm --version
# Scan for symlinks in a package directory before installation
find /path/to/package -type l -exec ls -la {} \;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.