Use-After-Free Vulnerability in Wasmtime Runtime by Bytecode Alliance
CVE-2026-34983

Severity: 1 (LOW)

Key Information:

CVE Published: 9 April 2026

What is CVE-2026-34983?

A vulnerability exists in Wasmtime, the runtime for WebAssembly: in version 43.0.0, cloning a wasmtime::Linker instance can lead to a use-after-free. Guest Wasm programs do not control this flaw; it arises from a specific sequence of API calls made by the host. To exploit this vulnerability, an attacker must perform the following steps: clone a wasmtime::Linker, drop the original linker instance, and then use the cloned linker instance. The result is a use-after-free, which can compromise the integrity of the executing code. The issue is fixed in Wasmtime 43.0.1.

Affected Version(s)

wasmtime >= 43.0.0, < 43.0.1
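
A check for the affected range above, run against a project's Cargo.lock. This is an added example, not code from the advisory or from the Wasmtime project; the sample lockfile is constructed, and the function names are this example's own. It treats a pre-release such as 43.0.1-rc.1 as ordered before 43.0.1, as semantic versioning does.

```rust
// Added example: find Cargo.lock entries for wasmtime inside the affected
// range this page states (>= 43.0.0, < 43.0.1). Standard library only.

// Field order matters: the derived Ord compares major, minor, patch, then
// `release`, so a pre-release (false) sorts before the release (true).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version { major: u64, minor: u64, patch: u64, release: bool }

fn parse_version(s: &str) -> Option<Version> {
    let no_build = s.split('+').next()?; // build metadata does not affect ordering
    let (core, pre) = match no_build.split_once('-') {
        Some((core, _)) => (core, true),
        None => (no_build, false),
    };
    let nums = core.split('.').map(|p| p.parse::<u64>().ok()).collect::<Option<Vec<u64>>>()?;
    match nums.as_slice() {
        &[major, minor, patch] => Some(Version { major, minor, patch, release: !pre }),
        _ => None,
    }
}

/// Returns the version strings of `wasmtime` packages in the affected range.
fn affected_wasmtime(lock: &str) -> Vec<String> {
    let first = Version { major: 43, minor: 0, patch: 0, release: true };
    let fixed = Version { major: 43, minor: 0, patch: 1, release: true };
    let mut hits = Vec::new();
    let mut name = ""; // name of the [[package]] entry currently being read
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = "";
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = v.trim_matches('"');
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            match parse_version(v) {
                Some(ver) if name == "wasmtime" && ver >= first && ver < fixed => hits.push(v.to_string()),
                _ => {}
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = "version = 4\n\n[[package]]\nname = \"anyhow\"\nversion = \"1.0.0\"\n\n[[package]]\nname = \"wasmtime\"\nversion = \"43.0.0\"\n";

fn main() {
    for v in affected_wasmtime(SAMPLE_LOCK) {
        println!("wasmtime {v} is affected by CVE-2026-34983; upgrade to 43.0.1");
    }
}
```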

CVSS V4

Score: 1
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
