Description
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap access, which means that the wrong address is accessed. When combined with explicit bounds checks in a guest WebAssembly module, this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. Because the two computations operate on different addresses, a guest module can pass a bounds check but then load a different address. Combined together, this enables an arbitrary read/write primitive for guest WebAssembly when accessing host memory. This is a sandbox escape, as guests are able to read/write arbitrary host memory.

This vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions. This miscompiled shape of load only occurs on 64-bit WebAssembly linear memories, or when Config::wasm_memory64 is enabled. 32-bit WebAssembly is not affected. Spectre mitigations or signals-based traps must be disabled. When Spectre mitigations are enabled, the offending shape of load is not generated. When signals-based traps are disabled, Spectre mitigations are also automatically disabled.

The specific bug in Cranelift is a miscompile of a load of the shape load(iadd(base, ishl(index, amt))) where amt is a constant. The amt value is masked incorrectly to test whether it is a certain value, and this incorrect mask means that Cranelift can erroneously pattern-match this lowering rule during instruction selection, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended, where the correct address computation would have wrapped around to a smaller value instead.

This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.
Published: 2026-04-09
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape (Arbitrary Read/Write in Host Memory)
Action: Immediate Patch
AI Analysis

Impact

Wasmtime's Cranelift compiler for aarch64 incorrectly lowers a load instruction when a 64-bit linear memory is used, causing the address that is bounds-checked to differ from the address that is actually loaded. This discrepancy creates an out-of-bounds read or write (CWE-125, CWE-787) that lets a malicious WebAssembly module read or overwrite arbitrary host memory, escaping the sandbox. The flaw does not affect 32-bit WebAssembly or configurations that keep Spectre mitigations or signals-based traps enabled.

Affected Systems

Bytecodealliance's Wasmtime on the aarch64 architecture is vulnerable from version 32.0.0 up to, but not including, the fixed releases 36.0.7, 42.0.2, and 43.0.1, when 64-bit linear memory is enabled, Spectre mitigations are disabled, and signals-based traps are not active. Versions 36.0.7, 42.0.2, 43.0.1 and later contain the fix; workloads using 32-bit memory or the protected configurations are not affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 9 (Critical), with no publicly documented exploit and no KEV listing. Exploitation requires a malicious guest module running in the affected environment, 64-bit memory in use, and Spectre mitigations disabled. While the EPSS score is not available, the severity and the potential for host-process compromise make this a high-risk condition for any application that runs untrusted WebAssembly code on aarch64.
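As an added triage example (my code, not Wasmtime's and not part of the advisory), the checker below reads the pinned wasmtime version out of a Cargo.lock and evaluates whether an engine configuration lines up the ingredients listed above: aarch64 target, 64-bit linear memory enabled, and Spectre mitigations disabled (which also happens automatically when signals-based traps are disabled). The version-range reading (32.0.0 up to the first fixed release in the same major line, with lines 37 through 41 treated as affected because they have no fixed release) and the upgrade-target rule are my assumptions; the EngineConfig field names are descriptive, not Wasmtime API names; the lock file is constructed.

```python
"""Triage helper for the Wasmtime aarch64 Cranelift miscompile described above.

Assumptions, not taken from the advisory: the affected range is read as
"32.0.0 up to the first fixed release in the same major line", with 36.0.7,
42.0.2 and 43.0.1 as the fixed releases; major lines 37-41 have no fixed
release and are treated as affected; the upgrade target is the smallest fixed
release not below the current major line.
"""
import re
from dataclasses import dataclass

FIRST_AFFECTED = (32, 0, 0)
FIXED = {36: (36, 0, 7), 42: (42, 0, 2), 43: (43, 0, 1)}  # fixed releases from the advisory


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (optional pre-release/build suffix) into an int tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"not a semver string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    """True when this wasmtime version lacks the fix (assumed range reading above)."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    if v[0] in FIXED:
        return v < FIXED[v[0]]
    # Lines 37-41 have no fixed release; lines after the newest fixed line ship fixed.
    return v[0] < max(FIXED)


def upgrade_target(version):
    """Smallest fixed release not below the current major line, or None (assumption)."""
    major = parse_version(version)[0]
    candidates = [f for f in FIXED.values() if f[0] >= major]
    return ".".join(map(str, min(candidates))) if candidates else None


def wasmtime_versions_from_cargo_lock(text):
    """Versions of every package named exactly `wasmtime` in a Cargo.lock."""
    found = []
    for block in text.split("[[package]]"):
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver and name.group(1) == "wasmtime":
            found.append(ver.group(1))
    return found


@dataclass
class EngineConfig:
    """Settings that matter for this bug; names are descriptive, not Wasmtime API names."""
    target_aarch64: bool
    wasm_memory64: bool
    signals_based_traps: bool = True
    spectre_mitigations: bool = True


def miscompile_reachable(cfg):
    """True when every ingredient the advisory lists is present in the configuration."""
    # Disabling signals-based traps disables Spectre mitigations as a side effect.
    spectre_active = cfg.spectre_mitigations and cfg.signals_based_traps
    return cfg.target_aarch64 and cfg.wasm_memory64 and not spectre_active


def triage(cargo_lock_text, cfg):
    """One record per pinned wasmtime entry: affected version, exposed config, upgrade target."""
    report = []
    for ver in wasmtime_versions_from_cargo_lock(cargo_lock_text):
        affected = version_affected(ver)
        report.append({
            "version": ver,
            "affected_version": affected,
            "config_exposed": miscompile_reachable(cfg),
            "upgrade_to": upgrade_target(ver) if affected else None,
        })
    return report


# Constructed sample lock file (not from any real project).
SAMPLE_CARGO_LOCK = """\
version = 4

[[package]]
name = "wasmtime"
version = "36.0.6"

[[package]]
name = "wasmtime-wasi"
version = "36.0.6"
"""

if __name__ == "__main__":
    cfg = EngineConfig(target_aarch64=True, wasm_memory64=True, signals_based_traps=False)
    for row in triage(SAMPLE_CARGO_LOCK, cfg):
        print(row)
```

A version in the affected range is a reason to upgrade regardless of configuration; the configuration check only tells you whether the miscompiled load shape can currently be generated, which is the part a defender should confirm before deciding how urgently to roll the upgrade out.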

Generated by OpenCVE AI on April 9, 2026 at 20:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Wasmtime to version 36.0.7, 42.0.2, 43.0.1, or later, verifying the patch is present in the release notes.



Advisories
Source: Github GHSA
ID: GHSA-jhxm-h53p-jm7w
Title: Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
History

Fri, 10 Apr 2026 09:00:00 +0000

Type: First Time appeared
Values Added: Bytecodealliance; Bytecodealliance wasmtime

Type: Vendors & Products
Values Added: Bytecodealliance; Bytecodealliance wasmtime

Fri, 10 Apr 2026 00:15:00 +0000

Type: References

Type: Metrics
Values Removed: threat_severity: None
Values Added: cvssV3_1: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}; threat_severity: Important


Thu, 09 Apr 2026 19:00:00 +0000

Type: Description
Values Added: Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap access, which means that the wrong address is accessed. When combined with explicit bounds checks in a guest WebAssembly module, this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. Because the two computations operate on different addresses, a guest module can pass a bounds check but then load a different address. Combined together, this enables an arbitrary read/write primitive for guest WebAssembly when accessing host memory. This is a sandbox escape, as guests are able to read/write arbitrary host memory. This vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions. This miscompiled shape of load only occurs on 64-bit WebAssembly linear memories, or when Config::wasm_memory64 is enabled. 32-bit WebAssembly is not affected. Spectre mitigations or signals-based traps must be disabled. When Spectre mitigations are enabled, the offending shape of load is not generated. When signals-based traps are disabled, Spectre mitigations are also automatically disabled. The specific bug in Cranelift is a miscompile of a load of the shape load(iadd(base, ishl(index, amt))) where amt is a constant. The amt value is masked incorrectly to test whether it is a certain value, and this incorrect mask means that Cranelift can erroneously pattern-match this lowering rule during instruction selection, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended, where the correct address computation would have wrapped around to a smaller value instead. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.

Type: Title
Values Added: Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Type: Weaknesses
Values Added: CWE-125; CWE-787

Type: References

Type: Metrics
Values Added: cvssV4_0: {'score': 9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-09T18:45:44.819Z

Reserved: 2026-03-31T19:38:31.616Z

Link: CVE-2026-34971

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T19:16:24.663

Modified: 2026-04-09T19:16:24.663

Link: CVE-2026-34971

Redhat

Severity: Important

Public Date: 2026-04-09T18:45:44Z

Links: CVE-2026-34971 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-10T09:31:37Z

Weaknesses