CVE-2026-47261
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.5 / 10
Vulnerability Description
wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
rust
Product
wasmtime-wasi
External References
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph
- https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.9
- https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.10
- https://github.com/bytecodealliance/wasmtime/releases/tag/v44.0.2
- https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.0
- https://rustsec.org/advisories/RUSTSEC-2026-0149.html
- https://github.com/advisories/GHSA-2r75-cxrj-cmph
Discussion (0)
Add Comment
No comments yet. Be the first!