Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
Reported January 26, 2026 Issued January 27, 2026 Package wasmtime (crates.io) Type Vulnerability Aliases
-
CVE-2026-24116 References
-
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 CVSS Score 4.1 MEDIUM CVSS Details
Attack Complexity Low Attack Requirements Present Attack Vector Local Privileges Required Low Availability Impact to the Subsequent System None Confidentiality Impact to the Subsequent System None Integrity Impa…
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
Reported January 26, 2026 Issued January 27, 2026 Package wasmtime (crates.io) Type Vulnerability Aliases
-
CVE-2026-24116 References
-
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 CVSS Score 4.1 MEDIUM CVSS Details
Attack Complexity Low Attack Requirements Present Attack Vector Local Privileges Required Low Availability Impact to the Subsequent System None Confidentiality Impact to the Subsequent System None Integrity Impact to the Subsequent System None User Interaction Active Availability Impact to the Vulnerable System High Confidentiality Impact to the Vulnerable System None Integrity Impact to the Vulnerable System None
CVSS Vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Patched
>=41.0.1>=40.0.3, <41.0.0>=36.0.5, <37.0.0<29.0.0
Description
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory.
Advisory available under CC0-1.0 license.