Skip to main content

Wasmtime CVE-2026-58494

| EUVDEUVD-2026-42393 MEDIUM
Improper Preservation of Permissions (CWE-281)
2026-07-08 security-advisories@github.com
6.5
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
vuln.today AI
6.5 MEDIUM

AV:L because exploitation requires controlling a WASI guest process on the same host; PR:L for that guest execution channel; S:C and I:H for host filesystem write bypass across the sandbox boundary.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 22:25 vuln.today
Patch available
Jul 08, 2026 - 22:04 EUVD

DescriptionCVE.org

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1.

AnalysisAI

Wasmtime's WASI filesystem implementation allows a sandboxed WebAssembly guest to overwrite host files that were intentionally exposed as read-only preopens. The wasmtime-wasi component checks directory-level permissions during hard-link creation (path_link) and rename (path_rename) operations but fails to verify that the source and destination preopens carry matching FilePerms flags - meaning FilePerms::READ enforcement is bypassed at the operation level. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker supplies malicious WASM module
Delivery
Module is loaded by vulnerable Wasmtime with mixed-permission preopens
Exploit
Guest invokes path_link or path_rename across preopens
Execution
Runtime checks directory permissions, skips FilePerms::READ validation
Persist
Read-only preopen restriction bypassed
Impact
Guest overwrites host file

Vulnerability AssessmentAI

Exploitation Exploitation requires that a WASI guest be executing inside a vulnerable Wasmtime instance and that the host application has configured at least one preopen with FilePerms::READ on a source directory containing files the attacker wishes to overwrite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N scores 6.5 Medium, but the S:C (Scope Changed) flag is the most operationally significant element - it signals a sandbox-escape class of impact where a WASI guest breaks out of its confined capability set to affect the host filesystem. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker supplying a malicious WebAssembly module to a Wasmtime-hosted runtime - such as a serverless function platform or plugin system - crafts a WASI binary that holds a read-only preopen to a directory alongside a writable preopen elsewhere. The module calls path_rename or path_link to move or link a host file from the read-only preopen into a target path, bypassing the FilePerms::READ restriction because the runtime's permission check inspects directory access but not the preopen's FilePerms, resulting in the guest overwriting host files it should never have been able to modify. …
Remediation Upgrade to one of the vendor-released patched versions: v24.0.11, v36.0.12, v45.0.3, or v46.0.1, available from the Bytecode Alliance GitHub releases page and the official security advisory at github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58494 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy