Path Traversal in Gleam
CVE-2026-32685
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (2.8th percentile) — read the EPSS interpretation.
Affected products
- Gleam — versions 1.16.0, 61ed8deb6572b5591ad17d6302c1a38607522f16, v1.16.0-elixir
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)