CVE-2026-8257
LOWWebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
Title source: cnaDescription
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
References (8)
Core 8
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-362554 | WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
https://vuldb.com/vuln/362554
Signature, Permissions Required signature
permissions-required
VDB-362554 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/362554/cti
Third Party Advisory third-party-advisory
Submit #809552 | WebAssembly Community Binaryen main branch commit 3ef8d19 (v117 development version, vulnerable version before fix commit 1251efb) Fixed version: commit 1251ef Assertion Failure, Denial of Service (Local DoS)
https://vuldb.com/submit/809552
Issue Tracking issue-tracking
https://github.com/WebAssembly/binaryen/issues/8633
Patch issue-tracking
patch
https://github.com/WebAssembly/binaryen/pull/8635
Patch exploit
patch
https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19
Product product
https://github.com/WebAssembly/binaryen/
Scores
CVSS v3
3.3
EPSS
0.0016
EPSS Percentile
5.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-617
Status
published
Products (2)
webassembly/binaryen
< 117
WebAssembly/Binaryen
117
Published
May 11, 2026
Tracked Since
May 11, 2026