QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-34983

Back to search

CVE-2026-34983

Published: Apr 9, 2026

Modified: Apr 13, 2026

PUBLISHED

Description

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following steps must occur to trigger the bug clone a wasmtime::Linker, drop the original linker instance, use the new, cloned linker instance, resulting in a use-after-free. This vulnerability is fixed in 43.0.1.

VendorProductVersions

bytecodealliance

wasmtime

affected
>= 43.0.0, < 43.0.1

Weaknesses (CWE)

CWE-416

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2026-34983 - Security Vulnerability | QwikSec