LOW
WebAssembly
CVE published 2026-05-11
CVE-2026-8257
CVE-2026-8257 is a low-severity Binaryen flaw that can trigger a reachable assertion in the BrOn parser path. The issue is reported in Binaryen up to 117 and is tied to IRBuilder::makeBrOn in src/wasm/wasm-ir-builder.cpp. Source data indicates the attack is local, with a public exploit reference and a vendor patch available.