A vulnerability in Wasmtime, a runtime for WebAssembly, allows a WASI guest with read-only source file capability to overwrite host files. This issue arises from wasmtime-wasi's hard-link creation and renaming checks not properly verifying FilePerms on source and destination preopens. The vulnerability is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. Defenders of systems using Wasmtime should pr [truncated]
CVE-2026-47261 is a high-severity vulnerability in Wasmtime, a runtime for WebAssembly. The issue arises when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE. This access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause lies in the handling [truncated]
A denial-of-service vulnerability exists in Wasmtime's WebAssembly table allocation logic. From versions 30.0.0 through 36.0.8, 37.0.0 through 43.0.2, and 44.0.0, checked arithmetic operations panic on overflow when allocating tables with extremely large sizes. This condition is triggerable via the WebAssembly memory64 proposal, which extends table sizes to the 64-bit range. The panic occurs during module [truncated]