CVE-2026-42795 Overview
CVE-2026-42795 is a symlink following vulnerability in the Gleam programming language toolchain. The flaw exists in the Hex package export functionality of the Gleam compiler CLI. File collection helpers in compiler-cli/src/fs.rs use follow_links(true) when walking publishable directories such as src/ and priv/. The resolved paths are passed to add_path_to_tar in compiler-cli/src/publish.rs without verifying that the target remains inside the project root. An attacker with write access to a Gleam project repository can plant a symlink that causes gleam publish or gleam export hex-tarball to embed arbitrary local files into the published package. This issue affects Gleam from 0.10.0-rc1 until 1.17.0.
Critical Impact
Maintainer secrets, tokens, and SSH keys readable by the publisher can be silently leaked into published Hex packages.
Affected Products
- Gleam compiler from 0.10.0-rc1 through versions prior to 1.17.0
- gleam publish workflow
- gleam export hex-tarball workflow
Discovery Timeline
- 2026-06-02 - CVE-2026-42795 published to NVD
- 2026-06-02 - Last updated in NVD database
Technical Details for CVE-2026-42795
Vulnerability Analysis
The vulnerability is classified under [CWE-59] Improper Link Resolution Before File Access (Link Following). The Gleam compiler CLI gathers files for Hex package publishing through three helpers: gleam_files, native_files, and private_files. These helpers walk publishable directories using follow_links(true), which transparently dereferences symbolic links during traversal.
Collected paths are then passed to add_path_to_tar in compiler-cli/src/publish.rs. The packaging step writes the resolved file contents into the tarball without validating that the resolved target remains within the project root. As a result, a symlink under src/ or priv/ pointing outside the repository causes external file contents to be embedded in the generated package artifact.
Root Cause
The root cause is missing path containment validation after link resolution. The walker enables follow_links(true), but no subsequent check confirms that the canonicalized target path is a descendant of the project root. The packager treats any walked entry as publishable input.
Attack Vector
Exploitation requires write access to the project repository, for example through a malicious pull request, a compromised contributor account, or a supply chain dependency that drops files into the tree. The attacker places a symlink in src/ or priv/ pointing to a sensitive file such as ~/.ssh/id_rsa, ~/.netrc, or an environment file containing Hex API tokens. When a maintainer or continuous integration pipeline runs gleam publish or gleam export hex-tarball, the symlink target is read with the publisher's privileges and silently embedded into the generated tarball, which is then uploaded to the Hex registry.
See the GitHub Security Advisory and the CNA Security Advisory for additional technical detail.
Detection Methods for CVE-2026-42795
Indicators of Compromise
- Symbolic links present under src/ or priv/ resolving to paths outside the project root
- Hex package tarballs containing files whose paths or contents do not match repository sources
- Unexpected files such as id_rsa, .netrc, or .env content appearing in generated .tar archives
- Pull requests that add files of type symlink to publishable directories
Detection Strategies
- Inspect generated tarballs before publishing with tar -tvf and compare file inventories against the repository tree
- Run find src priv -type l in CI to enumerate symbolic links inside publishable directories and fail the build if any are present
- Diff Hex package contents across releases to flag unexpected new files or anomalous file sizes
- Scan repositories for symlinks added in recent commits using git log --diff-filter=A --name-status
Monitoring Recommendations
- Audit CI/CD pipeline logs for invocations of gleam publish and gleam export hex-tarball and record the resulting artifact hashes
- Rotate and monitor Hex API tokens, SSH keys, and any other secrets accessible to publish jobs for unexpected use
- Alert on commits to publishable directories that introduce non-regular files, especially symbolic links
How to Mitigate CVE-2026-42795
Immediate Actions Required
- Upgrade Gleam to version 1.17.0 or later on every developer workstation and CI runner that executes gleam publish or gleam export hex-tarball
- Audit recently published Hex packages for embedded files outside the expected source tree and yank any package that leaked secrets
- Rotate Hex API tokens, SSH keys, and other credentials that may have been exposed through previous publishes from compromised or untrusted branches
- Restrict publish authority to a small set of reviewed maintainers and isolated CI jobs
Patch Information
The fix is delivered in Gleam 1.17.0. The corrective change is tracked in the GitHub commit and documented in the OSV Vulnerability Report. The patch ensures that file collection during Hex export does not follow symlinks out of the project root.
Workarounds
- Remove all symbolic links from src/ and priv/ before invoking gleam publish or gleam export hex-tarball
- Run publish workflows in ephemeral CI containers that do not contain secrets, SSH keys, or tokens on the local filesystem
- Add a pre-publish CI check that fails when find src priv -type l returns any entries
- Manually inspect the contents of the generated tarball before uploading to the Hex registry
# Pre-publish CI guard: fail if symlinks exist in publishable directories
set -euo pipefail
if [ -n "$(find src priv -type l 2>/dev/null)" ]; then
echo "Refusing to publish: symlinks present in src/ or priv/"
find src priv -type l
exit 1
fi
gleam export hex-tarball
tar -tvf build/*.tar
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

