RUSTSEC-2026-0020: Guest-controlled resource exhaustion in WASI implementations

| Details |  |
| --- | --- |
| Package | `wasmtime` |
| Version | `41.0.1` |
| URL | https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w |
| Patched Versions | >=24.0.6, <25.0.0 OR >=36.0.6, <37.0.0 OR >=40.0.4, <41.0.0 OR >=41.0.4 |
| Aliases | [CVE-2026-27204](https://nvd.nist.gov/vuln/detail/CVE-2026-27204), [GHSA-852m-cvvp-9p4w](https://github.com/advisories/GHSA-852m-cvvp-9p4w) |


This is an entry in the RustSec database for the Wasmtime security advisory
located at
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
For more information see the GitHub-hosted security advisory.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2026-0020: Guest-controlled resource exhaustion in WASI implementations #220

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`wasmtime`
Version	`41.0.1`
URL	GHSA-852m-cvvp-9p4w
Patched Versions	>=24.0.6, <25.0.0 OR >=36.0.6, <37.0.0 OR >=40.0.4, <41.0.0 OR >=41.0.4
Aliases	CVE-2026-27204, GHSA-852m-cvvp-9p4w

RUSTSEC-2026-0020: Guest-controlled resource exhaustion in WASI implementations #220

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions