CVE-2026-32146 Overview
An improper path validation vulnerability exists in the Gleam compiler's handling of git dependencies that allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement to the intended dependency directory, enabling attacker-controlled paths via relative traversal (such as ../) or absolute paths to target filesystem locations outside the designated directory.
When resolving git dependencies (e.g., via gleam deps download), the computed path is used for filesystem operations including directory deletion and creation. A malicious direct or transitive git dependency can exploit this issue to delete and overwrite arbitrary directories outside the intended dependency directory, including attacker-chosen absolute paths, potentially causing data loss. In some environments, this may be further leveraged to achieve code execution by overwriting git hooks or shell configuration files.
Critical Impact
Attackers can exploit improper path validation to perform arbitrary file system operations outside the dependency directory, potentially leading to data loss or code execution through malicious git dependencies.
Affected Products
- Gleam compiler versions 1.9.0-rc1 through 1.15.3 (fixed in 1.15.4)
Discovery Timeline
- 2026-04-11 - CVE-2026-32146 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-32146
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal) and affects the Gleam compiler's dependency resolution mechanism. The core issue lies in how the compiler processes dependency names from configuration files (gleam.toml and manifest.toml) without proper path validation.
During the dependency download phase, the Gleam compiler constructs filesystem paths by directly incorporating dependency names from configuration files. The compiler expects dependencies to be stored within a confined directory structure. However, the absence of proper validation allows malicious package names containing path traversal sequences (such as ../) or absolute paths to escape the intended directory boundary.
The attack surface is particularly concerning because:
- Transitive dependency exploitation: A seemingly legitimate package could include a malicious transitive dependency, making detection more difficult
- Pre-execution timing: The vulnerability triggers during dependency resolution, before any code execution safeguards would apply
- Destructive operations: The affected code path performs both directory deletion and creation, enabling complete replacement of targeted directories
Root Cause
The root cause is insufficient input validation on dependency names during configuration file parsing. The Gleam compiler's config.rs module originally lacked proper deserialization validation for dependency names in both the dependencies and dev_dependencies fields. Without validation constraints, arbitrary strings including path traversal sequences were accepted as valid dependency names and subsequently used in filesystem path construction.
Attack Vector
This is a local attack vector requiring user interaction. An attacker must either convince a victim to add a malicious dependency to their project directly or inject a malicious transitive dependency through a compromised package. When the victim runs gleam deps download or any command that triggers dependency resolution, the malicious dependency name is processed, allowing the attacker to:
- Delete arbitrary directories accessible by the user running the compiler
- Create directories at attacker-controlled locations
- Potentially achieve code execution by overwriting sensitive files such as .git/hooks/ or shell configuration files like .bashrc
The following patch demonstrates the fix implemented in compiler-core/src/config.rs to add proper deserialization validation for dependency names:
pub description: EcoString,
#[serde(default, alias = "docs")]
pub documentation: Docs,
- #[serde(default, serialize_with = "ordered_map")]
+ #[serde(
+ default,
+ serialize_with = "ordered_map",
+ deserialize_with = "dependencies_map::deserialize"
+ )]
pub dependencies: Dependencies,
- #[serde(default, alias = "dev-dependencies", serialize_with = "ordered_map")]
+ #[serde(
+ default,
+ alias = "dev-dependencies",
+ serialize_with = "ordered_map",
+ deserialize_with = "dependencies_map::deserialize"
+ )]
pub dev_dependencies: Dependencies,
#[serde(default)]
pub repository: Option<Repository>,
Source: GitHub Commit 1aa5d8e
The corresponding fix for manifest validation in compiler-core/src/manifest.rs:
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, PartialEq, Eq)]
pub struct Manifest {
- #[serde(serialize_with = "ordered_map")]
+ #[serde(
+ serialize_with = "ordered_map",
+ deserialize_with = "super::config::dependencies_map::deserialize"
+ )]
pub requirements: HashMap<EcoString, Requirement>,
#[serde(serialize_with = "sorted_vec")]
pub packages: Vec<ManifestPackage>,
Source: GitHub Commit 2dc0467
Detection Methods for CVE-2026-32146
Indicators of Compromise
- Unexpected directory deletions or modifications outside the project's build/ or dependency directories
- Presence of dependency names containing ../, absolute paths, or characters outside the expected pattern (lowercase letters, numbers, underscores) in gleam.toml or manifest.toml
- Modifications to sensitive files such as git hooks, shell configuration files, or other user-writable system files following Gleam dependency operations
- Unusual file system activity during gleam deps download or gleam build commands
Detection Strategies
- Implement file integrity monitoring on critical user directories (.git/hooks/, home directory configuration files)
- Audit gleam.toml and manifest.toml files for dependency names containing path traversal characters or invalid patterns
- Monitor filesystem operations during Gleam build processes for writes outside expected directories
- Review transitive dependencies for suspicious naming patterns before adding new packages to projects
Monitoring Recommendations
- Configure SentinelOne to alert on unexpected file modifications in user home directories during build tool execution
- Enable logging for filesystem operations performed by the Gleam compiler process
- Implement CI/CD pipeline checks to validate dependency names against expected patterns before builds
How to Mitigate CVE-2026-32146
Immediate Actions Required
- Upgrade Gleam compiler to version 1.15.4 or later immediately
- Audit existing projects' gleam.toml and manifest.toml files for any suspicious dependency names
- Review any unexpected file system changes that may have occurred prior to patching
- Consider temporarily disabling automated dependency updates until the patched version is deployed
Patch Information
The vulnerability has been addressed in Gleam version 1.15.4. The fix introduces proper validation during configuration file parsing through custom deserializers that enforce package name constraints (lowercase letters, numbers, and underscores only). Two commits address this issue:
- Commit 1aa5d8e - Adds validation during gleam.toml parsing to error immediately on invalid dependency names
- Commit 2dc0467 - Extends validation to manifest.toml parsing
For additional details, refer to the GitHub Security Advisory GHSA-vq5j-55vx-wq8j.
Workarounds
- Manually audit all dependency names in gleam.toml and manifest.toml before running dependency commands
- Only add dependencies from trusted sources with verified naming conventions
- Run Gleam dependency operations in isolated environments (containers, sandboxes) to limit potential damage from exploitation
- Implement pre-commit hooks to validate dependency names match the expected pattern of lowercase letters, numbers, and underscores only
# Example: Validate dependency names in gleam.toml before running build
# Check for path traversal sequences or invalid characters
grep -E '\.\./|/|[^a-z0-9_]' gleam.toml | grep -E '^\[?dependencies' && echo "WARNING: Potentially malicious dependency names detected"
# Run Gleam builds in a container to isolate filesystem access
docker run --rm -v $(pwd):/app -w /app gleam-lang/gleam:latest deps download
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
