PT-2026-56584 · Bytecode Alliance · Wasmtime
Publicado
2026-07-08
·
Atualizado
2026-07-08
·
CVE-2026-58494
CVSS v3.1
6.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1.
Correção
Improper Preservation of Permissions
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Wasmtime