RUSTSEC-2026-0096: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

| Details |  |
| --- | --- |
| Package | `wasmtime` |
| Version | `40.0.4` |
| URL | https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w |
| Patched Versions | >=36.0.7, <37.0.0 OR >=42.0.2, <43.0.0 OR >=43.0.1 |
| Aliases | [CVE-2026-34971](https://nvd.nist.gov/vuln/detail/CVE-2026-34971), [GHSA-jhxm-h53p-jm7w](https://github.com/advisories/GHSA-jhxm-h53p-jm7w) |


This is an entry in the RustSec database for the Wasmtime security advisory
located at
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w
For more information see the GitHub-hosted security advisory.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2026-0096: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift #404

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Details
Package	`wasmtime`
Version	`40.0.4`
URL	GHSA-jhxm-h53p-jm7w
Patched Versions	>=36.0.7, <37.0.0 OR >=42.0.2, <43.0.0 OR >=43.0.1
Aliases	CVE-2026-34971, GHSA-jhxm-h53p-jm7w

RUSTSEC-2026-0096: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift #404

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions