{"id":"CVE-2026-8257","summary":"WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion","details":"A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.","modified":"2026-07-08T08:11:39.059929331Z","published":"2026-05-11T00:30:13.661Z","database_specific":{"cwe_ids":["CWE-617"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8257.json","cna_assigner":"VulDB"},"references":[{"type":"WEB","url":"https://github.com/WebAssembly/binaryen/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8257.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8257"},{"type":"ADVISORY","url":"https://vuldb.com/submit/809552"},{"type":"ADVISORY","url":"https://vuldb.com/vuln/362554"},{"type":"REPORT","url":"https://github.com/WebAssembly/binaryen/issues/8633"},{"type":"REPORT","url":"https://vuldb.com/vuln/362554/cti"},{"type":"FIX","url":"https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19"},{"type":"FIX","url":"https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c"},{"type":"FIX","url":"https://github.com/WebAssembly/binaryen/pull/8635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/binaryen","events":[{"introduced":"0"},{"fixed":"1251efbc1ea471c1311d2726b2bbe061ff2a291c"}],"database_specific":{"cpe":"cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"117"}],"source":["CPE_RANGE","REFERENCES"]}}],"versions":["117","version_129","version_128","version_127","version_126","version_125","version_124","version_123","version_122","version_121","rebuild-121","version_120_b","version_120","version_119","version_118","version_117","version_116","version_115","version_114","version_113","version_112","version_111","version_110","version_109","version_108","version_107","version_106","version_105","version_104","version_103","version_102","version_101","version_100","version_99","version_98","version_97","version_96","version_95","version_94","version_93","version_92","version_91","version_90","1.39.1","1.38.48","1.38.47","version_89","version_88","version_87","version_86","version_85","1.38.32","version_84","version_83","1.38.31","version_82","version_81","version_80","version_79","version_78","version_77","version_76","version_75","version_74","1.38.30","version_73","1.38.29","version_72","version_71","version_70","version_69","1.38.28","version_68","1.38.27","1.38.26","version_67","version_66","version_65","1.38.25","version_64","1.38.24","1.38.23","1.38.22","version_63","version_62","version_61","version_60","version_59","version_58","version_57","version_56","1.38.21","version_55","1.38.20","1.38.19","version_54","1.38.18","1.38.17","version_53","1.38.16","version_52","1.38.15","1.38.14","1.38.13","version_51","1.38.12","version_50","1.38.11","1.38.10","1.38.9","version_49","1.38.8","1.38.7","1.38.6","1.38.5","1.38.4","version_48","1.38.3","1.38.2","1.38.1","version_47","1.38.0","1.37.40","1.37.39","version_46","1.37.37","version_45","1.37.36","1.37.35","version_44","1.37.34","version_43","1.37.33","1.37.32","1.37.31","1.37.30","1.37.29","version_42","version_41","1.37.28","1.37.27","1.37.26","1.37.25","version_40","1.37.24","1.37.23","version_39","1.37.22","version_38","version_37","1.37.21","version_36","version_35","1.37.20","version_34","1.37.19","1.37.18","1.37.17","1.37.16","1.37.14","version_33","1.37.15","1.37.13","version_32","1.37.12","1.37.11","1.37.10","version_31","version_30","1.37.9","1.37.8","1.37.7","1.37.6","1.37.5","1.37.4","version_29","version_28","1.37.3","version_27","version_26","1.37.2","version_25","version_24","version_23","version_22","version_21","1.37.1","1.37.0","version_20","version_19","version_18","1.36.14","version_17","1.36.13","version_16","1.36.12","version_15","version_14","version_13","1.36.11","1.36.10","version_12","version_11","1.36.9","1.36.8","1.36.7","1.36.6","version_10","version_9","1.36.5","1.36.4","version_8","binary_0xb","version_3","version_7","1.36.3","1.36.2","version_6","version_5","version_4","version_2","version_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8257.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}]}