CVE-2026-24116

MEDIUM EPSS 11.7%
Published Jan 27, 2026 (5mo ago) · Modified Jun 17, 2026 (1w ago)
4.1 CVSS 4.0
Medium

Description

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to versions 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled, this can result in an uncaught segfault due to loading from unmapped guard pages. With guard pages disabled, it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched, and users should update to a supported major version instead. This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disable guard pages, as they are a key defense-in-depth measure of Wasmtime.

CVSS Details

Base Score
4.1
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
11.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 3

Vendor            Product    Version   Range
bytecodealliance  wasmtime   *         ≥29.0.0 – <36.0.5
bytecodealliance  wasmtime   *         ≥40.0.0 – <40.0.3
bytecodealliance  wasmtime   *         ≥41.0.0 – <41.0.1

References 8

  • docs.rs https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.memory_guard_size
    Product
  • docs.rs https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps
    Product
  • docs.wasmtime.dev https://docs.wasmtime.dev/stability-release.html
    Release Notes
  • github.com https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147dd1a9f2ba0861ed440
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73
    Patch, Vendor Advisory
  • rustsec.org https://rustsec.org/advisories/RUSTSEC-2026-0006.html
    Third Party Advisory

Remediation

  • github.com https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147dd1a9f2ba0861ed440
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227
    Patch
  • github.com https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73
    Patch, Vendor Advisory