HIGH
Gleam
CVE published 2026-04-11
CVE-2026-32146
CVE-2026-32146 is an improper path validation issue in Gleam’s handling of git dependencies. During dependency download, names from gleam.toml and manifest.toml could be incorporated into filesystem paths without sufficient confinement to the intended dependency directory. That allowed attacker-controlled relative or absolute paths to affect locations outside the expected directory, with the risk of direc [truncated]