UBUNTU-CVE-2026-8257

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-8257

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-8257

Upstream

CVE-2026-8257

Published

2026-05-11T02:16:00Z

Modified

2026-05-25T09:30:11.613746402Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.

References

Affected packages

Ubuntu:20.04:LTS / binaryen

Package

Name: binaryen
Purl: pkg:deb/ubuntu/binaryen?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

89-1

90-1

91-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "91-1",
            "binary_name": "binaryen"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json"

Ubuntu:22.04:LTS / binaryen

Package

Name: binaryen
Purl: pkg:deb/ubuntu/binaryen?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

99-3

105-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "105-1",
            "binary_name": "binaryen"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json"

Ubuntu:24.04:LTS / binaryen

Package

Name: binaryen
Purl: pkg:deb/ubuntu/binaryen?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

108-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "108-1",
            "binary_name": "binaryen"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json"

Ubuntu:25.10 / binaryen

Package

Name: binaryen
Purl: pkg:deb/ubuntu/binaryen?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

120-3

120-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "120-4",
            "binary_name": "binaryen"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json"

Ubuntu:26.04:LTS / binaryen

Package

Name: binaryen
Purl: pkg:deb/ubuntu/binaryen?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

120-4

120-4build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "120-4build1",
            "binary_name": "binaryen"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8257.json"