PT-2026-54921 · Ladybird · Ladybird

Bikini

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-58592

CVSS v3.1

8.3

High

VectorAV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Ladybird (affected versions not specified)
Description A memory-safety flaw exists in the WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to create host function(). The host callback captures this reference, which becomes dangling once the ESM link-loop iteration ends and the FunctionType is destroyed. This allows the host callback to return an empty result vector for a statically non-empty result, causing the destination register to retain an attacker-influenced value. This value is then consumed by the WASM-GC array.set handler, which performs a null check and bit-casts the reference low bits to an ArrayInstance pointer, leading to an arbitrary write. A web page can exploit this chain to achieve code execution within the WebContent process. This issue is reachable from HTML content without requiring instrumentation or source modification.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Type Confusion

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58592

Affected Products

Ladybird