Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AV:L because exploitation requires controlling a WASI guest process on the same host; PR:L for that guest execution channel; S:C and I:H for host filesystem write bypass across the sandbox boundary.
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1.
AnalysisAI
Wasmtime's WASI filesystem implementation allows a sandboxed WebAssembly guest to overwrite host files that were intentionally exposed as read-only preopens. The wasmtime-wasi component checks directory-level permissions during hard-link creation (path_link) and rename (path_rename) operations but fails to verify that the source and destination preopens carry matching FilePerms flags - meaning FilePerms::READ enforcement is bypassed at the operation level. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a WASI guest be executing inside a vulnerable Wasmtime instance and that the host application has configured at least one preopen with FilePerms::READ on a source directory containing files the attacker wishes to overwrite. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N scores 6.5 Medium, but the S:C (Scope Changed) flag is the most operationally significant element - it signals a sandbox-escape class of impact where a WASI guest breaks out of its confined capability set to affect the host filesystem. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker supplying a malicious WebAssembly module to a Wasmtime-hosted runtime - such as a serverless function platform or plugin system - crafts a WASI binary that holds a read-only preopen to a directory alongside a writable preopen elsewhere. The module calls path_rename or path_link to move or link a host file from the read-only preopen into a target path, bypassing the FilePerms::READ restriction because the runtime's permission check inspects directory access but not the preopen's FilePerms, resulting in the guest overwriting host files it should never have been able to modify. … |
| Remediation | Upgrade to one of the vendor-released patched versions: v24.0.11, v36.0.12, v45.0.3, or v46.0.1, available from the Bytecode Alliance GitHub releases page and the official security advisory at github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-281 – Improper Preservation of Permissions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42393