CVE-2026-59195 - pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
CVE ID :CVE-2026-59195 Published : July 6, 2026, 4:16 p.m. | 57 minutes ago Description :pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks...