Description
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and 44.0.2.
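The following is an added illustrative model, not Wasmtime's own code: it shows how an open request's flags become a required OpenMode that is then checked against the preopen's FilePerms, with the vulnerable TRUNCATE clause beside the fixed one. Type and function names, and the reduced flag sets, are assumptions chosen to mirror the names in the description.

```rust
// Added illustrative model, not Wasmtime's own code: how an open request's
// flags become a required OpenMode that is then checked against the
// preopen's FilePerms. `Fix::Missing` reproduces the pre-fix behaviour the
// advisory describes; `Fix::Applied` adds the missing WRITE requirement.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct FilePerms { pub read: bool, pub write: bool }
impl FilePerms {
    pub const READ: FilePerms = FilePerms { read: true, write: false };
    pub const ALL: FilePerms = FilePerms { read: true, write: true };
}
/// Subset of wasip2 open-flags relevant here (assumed reduced model).
#[derive(Clone, Copy, Debug, Default)]
pub struct OpenFlags { pub create: bool, pub truncate: bool }
/// Subset of wasip2 descriptor-flags the guest asks for on the new handle.
#[derive(Clone, Copy, Debug, Default)]
pub struct DescriptorFlags { pub read: bool, pub write: bool }
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
pub struct OpenMode { pub read: bool, pub write: bool }
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Fix { Missing, Applied }
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum ErrorCode { NotPermitted }
/// Derive the access actually needed. Truncation modifies the file, so it
/// must require WRITE even with no write descriptor flag; the vulnerable
/// TRUNCATE clause omitted exactly this `open_mode |= OpenMode::WRITE`.
pub fn required_mode(oflags: OpenFlags, dflags: DescriptorFlags, fix: Fix) -> OpenMode {
    let mut mode = OpenMode { read: dflags.read, write: dflags.write };
    if oflags.create { mode.write = true; }
    if oflags.truncate && fix == Fix::Applied { mode.write = true; } // the one-line fix
    mode
}
/// The access-control check: every requested mode bit must be granted.
pub fn check_open(perms: FilePerms, oflags: OpenFlags, dflags: DescriptorFlags, fix: Fix)
    -> Result<OpenMode, ErrorCode> {
    let mode = required_mode(oflags, dflags, fix);
    if (mode.read && !perms.read) || (mode.write && !perms.write) {
        return Err(ErrorCode::NotPermitted);
    }
    Ok(mode)
}
/// The advisory's scenario: read-only preopen, open with only TRUNCATE set.
pub fn truncate_only_permitted(fix: Fix) -> bool {
    let oflags = OpenFlags { create: false, truncate: true };
    check_open(FilePerms::READ, oflags, DescriptorFlags::default(), fix).is_ok()
}
fn main() {
    println!("pre-fix: {}", truncate_only_permitted(Fix::Missing)); // true (bypass)
    println!("fixed:   {}", truncate_only_permitted(Fix::Applied)); // false (not-permitted)
}
```

Embedders on a fixed release can use the same shape as a regression check: a preopen granted only FilePerms::READ must reject a TRUNCATE-only open with not-permitted.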
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Wasmtime's WebAssembly System Interface (WASI) permits a malicious module to open a file with the TRUNCATE flag, bypassing the host's FilePerms::WRITE restriction when DirPerms::MUTATE and FilePerms::READ are used. The bug stems from not setting the WRITE mode in the open_mode flag, causing the access control check to pass. This allows an attacker to truncate or overwrite files that should remain read-only, potentially compromising configuration files or other critical data. The flaw is an Access Control weakness (CWE-284).

Affected Systems

Affected products are Wasmtime runtimes from Bytecode Alliance prior to versions 24.0.9, 36.0.10, and 44.0.2. Only Wasmtime embeddings that combine DirPerms::MUTATE with FilePerms::READ are vulnerable; the wasmtime-cli is not affected because it always uses FilePerms::all. The vulnerability has been fixed in the mentioned releases. If you use an older Wasmtime or an affected embedding, the issue remains.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium-to-high severity. The EPSS score below 1% implies low likelihood of real-world exploitation at the moment. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack vector is a malicious WebAssembly module that requests a file open with PATH_OPEN or OPEN_AT and uses the TRUNCATE flag; if the host confines access with FilePerms::READ and DirPerms::MUTATE, the module can manipulate the file contents. Since Wasmtime can run untrusted code in applications, this flaw could allow local privilege escalation for processes running Wasmtime or exfiltration of modified data. Regular patching mitigates the risk.

Generated by OpenCVE AI on June 16, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed Wasmtime release (v24.0.9, v36.0.10, v44.0.2 or later)
  • Modify embedding configuration to avoid combining DirPerms::MUTATE with FilePerms::READ when setting up preopens
  • Restrict the use of the TRUNCATE flag from untrusted modules until a patch is available

Advisories

Source: Github GHSA
ID: GHSA-2r75-cxrj-cmph
Title: wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

History

Tue, 16 Jun 2026 13:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 09:15:00 +0000

Type: First Time appeared
Values Added: Bytecodealliance; Bytecodealliance wasmtime

Type: Vendors & Products
Values Added: Bytecodealliance; Bytecodealliance wasmtime

Mon, 15 Jun 2026 20:30:00 +0000

Type: Description
Values Added: Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and 44.0.2.

Type: Title
Values Added: Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Type: Weaknesses
Values Added: CWE-284

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-16T12:46:04.260Z

Reserved: 2026-05-18T23:03:37.229Z

Link: CVE-2026-47261

Vulnrichment

Updated: 2026-06-16T12:45:59.846Z

NVD

Status : Awaiting Analysis

Published: 2026-06-15T21:17:11.153

Modified: 2026-06-16T15:49:43.327

Link: CVE-2026-47261

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T21:15:03Z

Weaknesses