CVE-2026-8257

3.3 LOW
Published: May 11, 2026 Modified: May 21, 2026
View on NVD

Description

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19
Source: cna@vuldb.com
Exploit
https://github.com/WebAssembly/binaryen/
Source: cna@vuldb.com
Product
https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c
Source: cna@vuldb.com
Patch
https://github.com/WebAssembly/binaryen/issues/8633
Source: cna@vuldb.com
Exploit Issue Tracking Third Party Advisory
https://github.com/WebAssembly/binaryen/pull/8635
Source: cna@vuldb.com
Mitigation Patch
https://vuldb.com/submit/809552
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/vuln/362554
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/vuln/362554/cti
Source: cna@vuldb.com
Permissions Required VDB Entry

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.3 / 10.0
EPSS (Exploit Probability)
0.0%
9th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-617

Affected Vendors

webassembly

Related CVEs

CVE-2026-50100 7.8
CVE-2026-44188 5.3
CVE-2026-11860 N/A
CVE-2026-9278 N/A
CVE-2026-8935 N/A