Vulnerability Description
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webassembly | Binaryen | <= 117 |
Related Weaknesses (CWE)
References
- https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_FailureExploit
- https://github.com/WebAssembly/binaryen/Product
- https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061fPatch
- https://github.com/WebAssembly/binaryen/issues/8633ExploitIssue TrackingThird Party Advisory
- https://github.com/WebAssembly/binaryen/pull/8635MitigationPatch
- https://vuldb.com/submit/809552Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/362554Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/362554/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-8257?
CVE-2026-8257 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a ...
How severe is CVE-2026-8257?
CVE-2026-8257 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8257?
Check the references section above for vendor advisories and patch information. Affected products include: Webassembly Binaryen.