CVE-2026-34983
Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
4th
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a `wasmtime::Linker` is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following steps must occur to trigger the bug: (1) clone a `wasmtime::Linker`, (2) drop the original linker instance, (3) use the new, cloned linker instance, resulting in a use-after-free. This vulnerability is fixed in 43.0.1.
| CWE | CWE-416 |
| Vendor | bytecodealliance |
| Product | wasmtime |
| Published | Apr 9, 2026 |
| Last Updated | Apr 13, 2026 |
Affected Versions
bytecodealliance / wasmtime
>= 43.0.0, < 43.0.1
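
To check whether a host embedding pins an affected release, the following added example (not part of the advisory or of the Wasmtime project) scans `Cargo.lock` text for `wasmtime` packages in the range listed above. The function names and the sample lockfile are constructed for illustration, and pre-release or build suffixes on a version are ignored as a simplifying assumption.

```rust
// Added example: flag `wasmtime` entries in Cargo.lock text that fall in the
// affected range given on this page (>= 43.0.0, < 43.0.1).

/// Parse "MAJOR.MINOR.PATCH"; any pre-release/build suffix is ignored (assumption).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// True when the version lies in the affected range.
fn is_affected(v: &str) -> bool {
    matches!(parse_version(v), Some(t) if t >= (43, 0, 0) && t < (43, 0, 1))
}

/// Return the affected versions of every package named exactly `wasmtime`.
fn affected_wasmtime_versions(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package table starts here
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"'));
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if name == Some("wasmtime") && is_affected(v) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK: &str = "version = 4\n\n\
[[package]]\nname = \"wasmtime\"\nversion = \"43.0.0\"\n\n\
[[package]]\nname = \"wasmtime-environ\"\nversion = \"43.0.0\"\n";

fn main() {
    for v in affected_wasmtime_versions(SAMPLE_LOCK) {
        println!("wasmtime {v} is affected by CVE-2026-34983; upgrade to 43.0.1");
    }
}
```

In a real project, pass the contents of the workspace's `Cargo.lock` instead of `SAMPLE_LOCK`.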