Skip to main content

Ladybird

1 CVEs product

Monthly

CVE-2026-58592 HIGH POC This Week

Reachable code execution in the Ladybird browser arises from a dangling-reference flaw (CWE-825) in the WebAssembly ESM-integration module loader, where a stack-local Wasm::FunctionType is captured by reference and read after destruction. A malicious web page can chain the resulting stale result-type data into an arbitrary write via the WASM-GC array.set handler and gain code execution in the WebContent process. Reported by VulnCheck with publicly available exploit code exists; it is not listed in CISA KEV, so no confirmed active exploitation, but a working PoC lowers the barrier for weaponization.

RCE Ladybird
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
EPSS 0% CVSS 8.9
HIGH POC This Week

Reachable code execution in the Ladybird browser arises from a dangling-reference flaw (CWE-825) in the WebAssembly ESM-integration module loader, where a stack-local Wasm::FunctionType is captured by reference and read after destruction. A malicious web page can chain the resulting stale result-type data into an arbitrary write via the WASM-GC array.set handler and gain code execution in the WebContent process. Reported by VulnCheck with publicly available exploit code exists; it is not listed in CISA KEV, so no confirmed active exploitation, but a working PoC lowers the barrier for weaponization.

RCE Ladybird
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy