CVE-2026-27195
EPSS 0.08%Panic when dropping a `[Typed]Func::call_async` future
Published: 2/24/2026Modified: 2/24/2026
Description
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory.
Affected packages (2)
- crates.io/wasmtime>= 39.0.0, < 40.0.4
- crates.io/wasmtime>= 39.0.0, < 40.0.4, >= 41.0.0, < 41.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-27195
- PATCHhttps://crates.io/crates/wasmtime
- PATCHhttps://github.com/bytecodealliance/wasmtime
- WEBhttps://bytecodealliance.zulipchat.com/#narrow/channel/206238-general/topic/.E2.9C.94.20Panic.20in.20Wasmtime.2041.2E0.2E3.20.28runtime.2Fconcurrent.2Fcomponent.29/with/574438798
- WEBhttps://github.com/bytecodealliance/wasmtime/commit/9e51c0d9a240a9613d279c061f82286bd11383fd
- WEBhttps://github.com/bytecodealliance/wasmtime/commit/d86b00736b9ece60b3c81e52f7a7e4cdd9f7d895
- WEBhttps://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
- WEBhttps://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
- WEBhttps://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
- WEBhttps://rustsec.org/advisories/RUSTSEC-2026-0022.html