CVE-2025-69820: Beam Exposes sensitive information via joinCleanPath function

January 22, 2026 (updated January 29, 2026)

Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function

References

github.com/advisories/GHSA-73jg-4qh6-3f4g
github.com/beam-cloud/beta9
github.com/beam-cloud/beta9/blob/c1cd75e813cf7d53e916157d920099e89ef45caa/pkg/abstractions/volume/multipart.go
github.com/ryotaromatsui/CVEs/tree/main/CVE-2025-69820
nvd.nist.gov/vuln/detail/CVE-2025-69820

Code Behaviors & Features

Detect and mitigate CVE-2025-69820 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →