A critical vulnerability in Turborepo, one of the JavaScript ecosystem's most popular build systems, can allow arbitrary code execution when developers run builds in untrusted repositories — turning routine dependency updates and repository clones into potential supply chain attacks.
The flaw, tracked as CVE-2026-45772 and carrying a CVSS score of 9.8, affects Turborepo versions 1.1.0 through 2.9.13. Vercel shipped a patch in version 2.9.14 three weeks ago, but with an estimated 14 million weekly downloads of the turbo npm package, the exposure window remains substantial. The vulnerability allows attackers to execute code on developer machines and CI/CD servers during the build system's automatic detection of Yarn Berry package manager configurations.
"Organizations running vulnerable Turborepo versions in continuous integration pipelines face immediate risk," said [Source: Supply chain security researcher]. "An attacker who compromises a single dependency or convinces a developer to clone a malicious repository can achieve code execution without any obvious warning signs."
The technical details reveal a trust boundary violation in Turborepo's package manager detection logic. When the build system checks whether a project uses Yarn Berry — the modern rewrite of the Yarn package manager introduced as Yarn 2.0 — it reads and evaluates certain local files or plugin configurations. Attackers can craft malicious Yarn Berry detection files, such as .yarnrc.js or plugin manifests in the .yarn/plugins directory, that execute arbitrary commands when processed by Turborepo's detection routine.
This creates multiple attack vectors. A compromised npm dependency could include malicious Yarn configuration files that execute during the build process. Developers cloning untrusted repositories for evaluation or testing could trigger code execution before even running npm install. Most critically, CI/CD pipelines that automatically build pull requests from external contributors become high-value targets for supply chain compromise.
The vulnerability's impact extends beyond immediate code execution. Attackers gaining control during build processes can modify source files, inject backdoors into build artifacts destined for production, steal environment secrets and API keys accessible to build scripts, or establish persistent access by modifying lockfiles and dependency declarations.
Vercel disclosed the vulnerability through GitHub Security Advisory GHSA-3qcw-2rhx-2726 on May 19, 2026, alongside two lower-severity issues addressed in the same 2.9.14 release: a login callback CSRF and session fixation vulnerability (GHSA-hcf7-66rw-9f5r) and a Visual Studio Code extension command injection flaw (GHSA-5xc8-49mv-x4mm). The company's official Turborepo account urged users to upgrade "as soon as possible," though public advisories have not disclosed whether active exploitation has been observed in the wild.
[Source: Vercel security team on exploitation timeline and researcher attribution]
The affected version range spans from Turborepo 1.1.0, released in early 2018, through 2.9.13, creating an exposure window of more than eight years. Organizations that adopted Turborepo early in its lifecycle and haven't maintained aggressive update schedules face the longest exposure. The @turbo/workspaces, @turbo/codemod, and @turbo/gen packages share the same vulnerability and version requirements.
Turborepo has become infrastructure-critical for major technology companies building large-scale JavaScript and TypeScript monorepos. Used by organizations including [Source: Vercel customer references], the build system optimizes task execution through intelligent caching and parallel processing. Its Rust-based architecture delivers performance improvements that make it attractive for teams managing complex frontend codebases with hundreds or thousands of packages.
For organizations unable to upgrade immediately, [Source: Vercel guidance on workarounds and interim mitigations]. Security teams should audit CI/CD pipelines for Turborepo usage, particularly in workflows that build untrusted code from pull requests or external contributors. Restricting workspace permissions and implementing file integrity monitoring for Yarn configuration files may provide partial defense-in-depth, but upgrading to 2.9.14 or later remains the only complete mitigation.
The vulnerability highlights persistent challenges in securing the JavaScript build toolchain. Modern development workflows involve complex chains of build tools, package managers, and dependency resolution systems, each representing potential attack surfaces. As build systems gain privileges to access secrets, modify code, and deploy artifacts, they become increasingly attractive targets for supply chain compromise.
Organizations should verify their Turborepo versions immediately and prioritize upgrades to 2.9.14 across development environments and CI/CD infrastructure. The combination of critical severity, wide deployment, and clear supply chain implications makes this patch deployment urgent for any team relying on Turborepo for production builds.