A vulnerability labeled as critical has been found in Gleam up to 1.16.x . Impacted is the function paths.build_packages_package of the file build/packages/packages.toml . The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-43965 . The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.