CVE-2026-8257
3.3 LOW
A vulnerability was detected in WebAssembly Binaryen up to 117
Published: 2026-05-11 · Last updated: 2026-05-21
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-617
Affected products
| Vendor | Product |
|---|---|
| webassembly | binaryen |
Description
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn in the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Manipulation results in a reachable assertion. The attack must be carried out locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install the patch to address this issue.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-8257)
- [Exploit reference](https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19)
- [Other](https://github.com/WebAssembly/binaryen/)
- [Patch](https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c)
- [Exploit reference](https://github.com/WebAssembly/binaryen/issues/8633)
- [Patch](https://github.com/WebAssembly/binaryen/pull/8635)
- [Other](https://vuldb.com/submit/809552)
- [Other](https://vuldb.com/vuln/362554)
- [Other](https://vuldb.com/vuln/362554/cti)
Related CVEs
Same CWE
- CVE-2026-29116 — A vulnerability has been found in some Dahua products that could allow an unauthenticated remote attacker to send a specially crafted packet, ...
- CVE-2026-29115 — A vulnerability has been found in some Dahua products that could allow an authenticated remote attacker to send a specially crafted packet, tr...
- CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
- CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)
- CVE-2026-9750 — An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal ... (6.5 MEDIUM)