PT-2026-39550 · Binaryen · Binaryen

Pwn3Rd

Published

2026-05-11

Updated

2026-05-21

CVE-2026-8257

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions WebAssembly Binaryen versions prior to 118

Description An issue exists in the BrOn Parser component within the IRBuilder::makeBrOn() function of the src/wasm/wasm-ir-builder.cpp file. A specific manipulation can lead to a reachable assertion, which is a condition where the program reaches a state that the developers assumed was impossible, typically causing the application to crash. This requires local access to be exploited.

Recommendations Install the patch 1251efbc1ea471c1311d2726b2bbe061ff2a291c to resolve this issue.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CVE-2026-8257

Affected Products

Binaryen

PT-2026-39550 · Binaryen · Binaryen

CVE-2026-8257

Weakness Enumeration

Related Identifiers

Affected Products

References · 19