CVE-2026-47261

HIGH7.5

WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

發布日:2026/5/21修改日:2026/5/22

也稱為:GHSA-2r75-cxrj-cmphRUSTSEC-2026-0149

描述

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory.

受影響套件(1)

crates.io/wasmtime-wasi>= 0.0.0-0, < 24.0.9, >= 25.0.0, < 36.0.10, >= 37.0.0, < 44.0.2, >= 45.0.0, < 45.0.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(3)

ADVISORYhttps://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph
ADVISORYhttps://rustsec.org/advisories/RUSTSEC-2026-0149.html
PATCHhttps://crates.io/crates/wasmtime-wasi