Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:cargo/wasmtime@40.0.4
Typecargo
Namespace
Namewasmtime
Version40.0.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version41.0.1
Latest_non_vulnerable_version43.0.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1sag-pvta-3kga
vulnerability_id VCID-1sag-pvta-3kga
summary Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However, that implementation had a bug leading to a panic under certain circumstances: First, the host embedding calls `[Typed]Func::call_async` on a function exported by a component, polling the returned `Future` once. Second, the component function yields control to the async runtime (e.g. Tokio), e.g. due to a call to host function registered using `LinkerInstance::func_wrap_async` which yields, or due an epoch interruption. Third, the host embedding drops the `Future` after polling it once. This leaves the component instance in a non-reenterable state since the call never had a chance to complete. Fourth, the host embedding calls `[Typed]Func::call_async` again, polling the returned `Future`. Since the component instance cannot be entered at this point, the call traps, but not before allocating a task and thread for the call. Fifth, the host embedding ignores the trap and drops the `Future`. This panics due to the runtime attempting to dispose of the task created above, which panics since the thread has not yet exited. When a host embedder using the affected versions of Wasmtime calls `wasmtime::component::[Typed]Func::call_async` on a guest export and then drops the returned future without waiting for it to resolve, and then does so again with the same component instance, Wasmtime will panic. Embeddings that have the `component-model-async` compile-time feature disabled are unaffected. Wasmtime 40.0.4 and 41.0.4 have been patched to fix this issue. Versions 42.0.0 and later are not affected. If an embedding is not actually using any component-model-async features then disabling the `component-model-async` Cargo feature can work around this issue. This issue can also be worked around by either ensuring every `call_async` future is awaited until it completes or refraining from using the `Store` again after dropping a not-yet-resolved `call_async` future.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27195.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27195
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.24104
published_at 2026-06-14T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23921
published_at 2026-06-11T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.24118
published_at 2026-06-12T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.24126
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27195
2
reference_url https://github.com/bytecodealliance/wasmtime
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bytecodealliance/wasmtime
3
reference_url https://rustsec.org/advisories/RUSTSEC-2026-0022.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2026-0022.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442481
reference_id 2442481
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442481
5
reference_url https://bytecodealliance.zulipchat.com/#narrow/channel/206238-general/topic/.E2.9C.94.20Panic.20in.20Wasmtime.2041.2E0.2E3.20.28runtime.2Fconcurrent.2Fcomponent.29/with/574438798
reference_id 574438798
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://bytecodealliance.zulipchat.com/#narrow/channel/206238-general/topic/.E2.9C.94.20Panic.20in.20Wasmtime.2041.2E0.2E3.20.28runtime.2Fconcurrent.2Fcomponent.29/with/574438798
6
reference_url https://github.com/bytecodealliance/wasmtime/commit/9e51c0d9a240a9613d279c061f82286bd11383fd
reference_id 9e51c0d9a240a9613d279c061f82286bd11383fd
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://github.com/bytecodealliance/wasmtime/commit/9e51c0d9a240a9613d279c061f82286bd11383fd
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27195
reference_id CVE-2026-27195
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27195
8
reference_url https://github.com/bytecodealliance/wasmtime/commit/d86b00736b9ece60b3c81e52f7a7e4cdd9f7d895
reference_id d86b00736b9ece60b3c81e52f7a7e4cdd9f7d895
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://github.com/bytecodealliance/wasmtime/commit/d86b00736b9ece60b3c81e52f7a7e4cdd9f7d895
9
reference_url https://github.com/advisories/GHSA-xjhv-v822-pf94
reference_id GHSA-xjhv-v822-pf94
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjhv-v822-pf94
10
reference_url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
reference_id GHSA-xjhv-v822-pf94
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
11
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
reference_id v40.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
12
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
reference_id v41.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T21:36:45Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
fixed_packages
0
url pkg:cargo/wasmtime@40.0.4
purl pkg:cargo/wasmtime@40.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4
1
url pkg:cargo/wasmtime@41.0.4
purl pkg:cargo/wasmtime@41.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@41.0.4
aliases CVE-2026-27195, GHSA-xjhv-v822-pf94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sag-pvta-3kga
1
url VCID-2m6r-ymr5-yydu
vulnerability_id VCID-2m6r-ymr5-yydu
summary Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the `wasmtime-wasi-http` crate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking. There are no known workarounds at this time. Embedders are encouraged to update to a patched version of Wasmtime.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27572.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27572.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27572
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09922
published_at 2026-06-14T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09884
published_at 2026-06-11T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09932
published_at 2026-06-12T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09937
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27572
2
reference_url https://github.com/bytecodealliance/wasmtime
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bytecodealliance/wasmtime
3
reference_url https://rustsec.org/advisories/RUSTSEC-2026-0021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2026-0021.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442485
reference_id 2442485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442485
5
reference_url https://github.com/bytecodealliance/wasmtime/commit/301dc7162cca51def19131019af1187f45901c0a
reference_id 301dc7162cca51def19131019af1187f45901c0a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/commit/301dc7162cca51def19131019af1187f45901c0a
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27572
reference_id CVE-2026-27572
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27572
7
reference_url https://github.com/advisories/GHSA-243v-98vx-264h
reference_id GHSA-243v-98vx-264h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-243v-98vx-264h
8
reference_url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
reference_id GHSA-243v-98vx-264h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
9
reference_url https://docs.rs/http/1.4.0/http/header/#limitations
reference_id #limitations
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://docs.rs/http/1.4.0/http/header/#limitations
10
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.6
reference_id v24.0.6
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.6
11
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.6
reference_id v36.0.6
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.6
12
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
reference_id v40.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
13
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
reference_id v41.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
fixed_packages
0
url pkg:cargo/wasmtime@24.0.6
purl pkg:cargo/wasmtime@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@24.0.6
1
url pkg:cargo/wasmtime@36.0.6
purl pkg:cargo/wasmtime@36.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@36.0.6
2
url pkg:cargo/wasmtime@40.0.4
purl pkg:cargo/wasmtime@40.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4
aliases CVE-2026-27572, GHSA-243v-98vx-264h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ymr5-yydu
2
url VCID-svnx-p11j-h7e7
vulnerability_id VCID-svnx-p11j-h7e7
summary Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 have all been released with the fix for this issue. These versions do not prevent this issue in their default configuration to avoid breaking preexisting behaviors. All versions of Wasmtime have appropriate knobs to prevent this behavior, and Wasmtime 42.0.0-and-later will have these knobs tuned by default to prevent this issue from happening. There are no known workarounds for this issue without upgrading. Embedders are recommended to upgrade and configure their embeddings as necessary to prevent possibly-malicious guests from triggering this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27204.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27204
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.2631
published_at 2026-06-14T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26324
published_at 2026-06-13T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26313
published_at 2026-06-12T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26113
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27204
2
reference_url https://github.com/bytecodealliance/wasmtime
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bytecodealliance/wasmtime
3
reference_url https://rustsec.org/advisories/RUSTSEC-2026-0020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2026-0020.html
4
reference_url https://github.com/bytecodealliance/wasmtime/issues/11552
reference_id 11552
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/issues/11552
5
reference_url https://github.com/bytecodealliance/wasmtime/pull/12599
reference_id 12599
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/pull/12599
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442480
reference_id 2442480
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442480
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27204
reference_id CVE-2026-27204
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27204
8
reference_url https://github.com/advisories/GHSA-852m-cvvp-9p4w
reference_id GHSA-852m-cvvp-9p4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-852m-cvvp-9p4w
9
reference_url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
reference_id GHSA-852m-cvvp-9p4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
10
reference_url https://docs.wasmtime.dev/security-what-is-considered-a-security-vulnerability.html
reference_id security-what-is-considered-a-security-vulnerability.html
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.wasmtime.dev/security-what-is-considered-a-security-vulnerability.html
11
reference_url https://docs.rs/wasmtime/latest/wasmtime/component/struct.ResourceTable.html#method.set_max_capacity
reference_id struct.ResourceTable.html#method.set_max_capacity
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime/latest/wasmtime/component/struct.ResourceTable.html#method.set_max_capacity
12
reference_url https://docs.rs/wasmtime/latest/wasmtime/struct.Store.html#method.set_hostcall_fuel
reference_id struct.Store.html#method.set_hostcall_fuel
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime/latest/wasmtime/struct.Store.html#method.set_hostcall_fuel
13
reference_url https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#method.max_random_size
reference_id struct.WasiCtxBuilder.html#method.max_random_size
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#method.max_random_size
fixed_packages
0
url pkg:cargo/wasmtime@24.0.6
purl pkg:cargo/wasmtime@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@24.0.6
1
url pkg:cargo/wasmtime@36.0.6
purl pkg:cargo/wasmtime@36.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@36.0.6
2
url pkg:cargo/wasmtime@40.0.4
purl pkg:cargo/wasmtime@40.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4
aliases CVE-2026-27204, GHSA-852m-cvvp-9p4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svnx-p11j-h7e7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4