CVE-2026-34987

creationtimestamp| type| source ---|---|--- 2026-04-09 16:51:40+00:00| published-proof-of-concept| https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83 2026-04-09 21:14:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3pzincgu2i 2026-04-09...

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +108 more potentially affected by CVE-2026-34987 via wasmtime (>=0.10.0 <=2.0.2)

wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.44.0 and more Source cves: CVE-2026-34987 Source advisory: OSV:RUSTSEC-2026-0095...

Linux Distros Unpatched Vulnerability : CVE-2026-34987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow...