PT-2026-56584 · Bytecode Alliance · Wasmtime

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-58494

CVSS v3.1

6.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1.

Correção

Improper Preservation of Permissions

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-58494

Produtos afetados

Wasmtime