CVE-2026-8257

The CVE affects WebAssembly Binaryen up to 117, specifically the BrOn Parser component’s IRBuilder::makeBrOn in src/wasm/wasm-ir-builder.cpp. A reachable assertion can be triggered by manipulation in this function. Local attack vector; the exploit is public and may be used. A patch exists (hash: ...