Memory Management Flaw in Wasmtime Runtime for WebAssembly
CVE-2026-24116
What is CVE-2026-24116?
Wasmtime, a runtime for WebAssembly, has a vulnerability that affects versions prior to 36.0.5, 40.0.3, and 41.0.1. On x86-64 platforms utilizing AVX instructions, the compilation of the f64.copysign WebAssembly instruction may inaccurately load excess bytes, potentially leading to unhandled segmentation faults in scenarios where signals-based traps are disabled. This flaw allows for the possibility of unintended data being accessed from unmapped guard pages, although it's generally not visible to WebAssembly guests unless another bug exists within Cranelift. To mitigate this vulnerability, users are encouraged to upgrade to the specified patched versions. Maintaining guard pages is critical for the security of Wasmtime and disabling them is not recommended.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
wasmtime >= 29.0.0, < 36.0.5 < 29.0.0, 36.0.5
wasmtime >= 37.0.0, < 40.0.3 < 37.0.0, 40.0.3
wasmtime = 41.0.0 = 41.0.0
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved