Vulnerability DatabaseCVE-2026-8257
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-8257
Published:May 11, 2026
Updated:May 16, 2026
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
Related Resources (8)
https://github.com/WebAssembly/binaryen/
https://github.com/WebAssembly/binaryen/pull/8635
https://github.com/WebAssembly/binaryen/issues/8633
https://vuldb.com/vuln/362554/cti
https://vuldb.com/vuln/362554
https://vuldb.com/submit/809552
https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19
https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c
Do you need more information?
Contact Us
CVSS v4
Base Score:
1.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Exploit Maturity
PROOF-OF-CONCEPT
Weakness Type (CWE)
Reachable Assertion
CWE-617
EPSS
Base Score:
0.01