CVE-2026-8257

Source
https://cve.org/CVERecord?id=CVE-2026-8257
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8257.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8257
Downstream
Published
2026-05-11T00:30:13.661Z
Modified
2026-07-08T08:11:39.059929331Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
Details

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8257.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-617"
    ]
}
References

Affected packages

Git / github.com/webassembly/binaryen

Affected ranges

Type
GIT
Repo
https://github.com/webassembly/binaryen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "117"
        }
    ]
}

Affected versions

1.*
1.36.10
1.36.11
1.36.12
1.36.13
1.36.14
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
1.37.0
1.37.1
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.15
1.37.16
1.37.17
1.37.18
1.37.19
1.37.2
1.37.20
1.37.21
1.37.22
1.37.23
1.37.24
1.37.25
1.37.26
1.37.27
1.37.28
1.37.29
1.37.3
1.37.30
1.37.31
1.37.32
1.37.33
1.37.34
1.37.35
1.37.36
1.37.37
1.37.39
1.37.4
1.37.40
1.37.5
1.37.6
1.37.7
1.37.8
1.37.9
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.24
1.38.25
1.38.26
1.38.27
1.38.28
1.38.29
1.38.3
1.38.30
1.38.31
1.38.32
1.38.4
1.38.47
1.38.48
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9
1.39.1
Other
117
binary_0xb
rebuild-121
version_1
version_10
version_100
version_101
version_102
version_103
version_104
version_105
version_106
version_107
version_108
version_109
version_11
version_110
version_111
version_112
version_113
version_114
version_115
version_116
version_117
version_118
version_119
version_12
version_120
version_120_b
version_121
version_122
version_123
version_124
version_125
version_126
version_127
version_128
version_129
version_13
version_14
version_15
version_16
version_17
version_18
version_19
version_2
version_20
version_21
version_22
version_23
version_24
version_25
version_26
version_27
version_28
version_29
version_3
version_30
version_31
version_32
version_33
version_34
version_35
version_36
version_37
version_38
version_39
version_4
version_40
version_41
version_42
version_43
version_44
version_45
version_46
version_47
version_48
version_49
version_5
version_50
version_51
version_52
version_53
version_54
version_55
version_56
version_57
version_58
version_59
version_6
version_60
version_61
version_62
version_63
version_64
version_65
version_66
version_67
version_68
version_69
version_7
version_70
version_71
version_72
version_73
version_74
version_75
version_76
version_77
version_78
version_79
version_8
version_80
version_81
version_82
version_83
version_84
version_85
version_86
version_87
version_88
version_89
version_9
version_90
version_91
version_92
version_93
version_94
version_95
version_96
version_97
version_98
version_99

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8257.json"