CVE-2026-8257
WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
2th
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
| CWE | CWE-617 |
| Vendor | webassembly |
| Product | binaryen |
| Published | May 11, 2026 |
| Last Updated | May 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for webassembly binaryen
Be the first to know when new low vulnerabilities affecting webassembly binaryen are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
WebAssembly / Binaryen
117
References
vuldb.com: https://vuldb.com/vuln/362554 vuldb.com: https://vuldb.com/vuln/362554/cti vuldb.com: https://vuldb.com/submit/809552 github.com: https://github.com/WebAssembly/binaryen/issues/8633 github.com: https://github.com/WebAssembly/binaryen/pull/8635 github.com: https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19 github.com: https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c github.com: https://github.com/WebAssembly/binaryen/
Credits
๐ pwn3rd (VulDB User)