Path Traversal in Gleam
CVE-2026-43965
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (2.7th percentile)
Affected products
- Gleam — versions 0.18.0-rc1, ed7aec0484f10d60978b63788c8a6497590855ab, v0.18.0-rc1-elixir