Skip to main content

Gleam CVE-2026-43965

| EUVDEUVD-2026-33926 MEDIUM
Path Traversal (CWE-22)
2026-06-02 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
5.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.6 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
Patch available
Jun 02, 2026 - 16:01 EUVD
Source Code Evidence Fetched
Jun 02, 2026 - 14:37 vuln.today
Analysis Generated
Jun 02, 2026 - 14:37 vuln.today

DescriptionCVE.org

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.

Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without validation to paths.build_packages_package(), which constructs a filesystem path by joining the project build directory with the attacker-controlled key. The resulting path is then passed to fs::delete_directory (which calls remove_dir_all). No check is performed to ensure the path remains within the intended build/packages/ directory. Both absolute paths and relative traversal sequences (e.g. ../) are accepted as package keys, allowing deletion of arbitrary directories.

An attacker who can cause a victim to run gleam deps download on a project containing a malicious build/packages/packages.toml (e.g. by committing the normally-gitignored file to a repository) can cause arbitrary directories on the victim's system to be recursively deleted.

This issue affects Gleam from 0.18.0-rc1 until 1.17.0.

AnalysisAI

Arbitrary recursive directory deletion in Gleam's dependency management (versions 0.18.0-rc1 through 1.16.x) is triggered when a developer runs 'gleam deps download' against a project whose normally-gitignored build/packages/packages.toml has been seeded with path traversal sequences as package keys. The compiler-cli reads these keys without validation, constructs a filesystem path via paths.build_packages_package(), and passes it directly to fs::delete_directory (Rust's remove_dir_all), allowing sequences such as '../../' or absolute paths to escape the intended build/packages/ directory and destroy arbitrary directories on the victim's machine. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog; the fix commit and GitHub Security Advisory GHSA-jqvf-f6p2-wrv3 confirm the issue and its resolution.

Technical ContextAI

Gleam is a statically-typed functional language targeting the BEAM VM and JavaScript runtimes; its CLI manages dependency state via an internal build/packages/packages.toml file that is normally excluded by .gitignore. The vulnerability (CWE-22: Path Traversal) is located in the LocalPackages::read_from_disc function within compiler-cli/src/dependencies.rs. Package name keys deserialized from the TOML map are passed directly to paths.build_packages_package(), which joins the project's build directory with the caller-supplied key to produce a filesystem path; that path is then handed to fs::delete_directory, a wrapper around Rust's std::fs::remove_dir_all. Because remove_dir_all applies no containment check, both absolute paths and relative traversal sequences are silently accepted. The root cause is the complete absence of an input validation layer at the Serde deserialization boundary for map keys. The fix at commit 690ca069817bee5f77a28fc3e360627c1da19291 introduces a custom deserializer (map_with_package_name_keys::deserialize) that rejects any key not matching the pattern [a-z0-9_]+, as confirmed by the added snapshot test which records rejection of '../../stuff' with the error 'expected a package name containing only lowercase letter, numbers, and underscores'. The same deserializer was also applied to the dependencies and dev_dependencies maps in PackageConfig and Manifest, hardening the broader config-parsing surface.

RemediationAI

Upgrade Gleam to version 1.17.0, the first patched release as inferred from the 'until 1.17.0' version boundary stated in the NVD description and confirmed by the fix committed at https://github.com/gleam-lang/gleam/commit/690ca069817bee5f77a28fc3e360627c1da19291. The patch enforces package name validation at the Serde deserialization boundary, rejecting keys that contain path separators or characters outside [a-z0-9_]. If an immediate upgrade is not feasible, a practical compensating control is to inspect the build/packages/packages.toml file for any keys containing '/', '\', or '..' sequences before running dependency commands; this file should not ordinarily exist in version control, so its committed presence is itself a high-fidelity indicator of malicious intent. For CI/CD pipelines that process untrusted Gleam repositories, constrain the pipeline's working directory using filesystem sandboxing (e.g., containers with a restricted mount namespace) so that any traversal attempt can only affect ephemeral build volumes rather than persistent infrastructure or developer home directories. Full advisory: https://github.com/gleam-lang/gleam/security/advisories/GHSA-jqvf-f6p2-wrv3.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-43965 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy