Loading
Generated remediation guidance and an executive summary. No account required.
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following steps must occur to trigger the bug clone a wasmtime::Linker, drop the original linker instance, use the new, cloned linker instance, resulting in a use-after-free. This vulnerability is fixed in 43.0.1.
Cite this page
CVE-2026-34983. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-34983
Use CWE-416, Bytecodealliance vendor hub and Wasmtime product page to widen CVE-2026-34983 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-34987, CVE-2026-34971 and CVE-2026-34941 for nearby disclosures in the same product family.