CVE-2026-35186

medium

Red Hat

CVSS v3 Base Score

6.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Confidentiality

Low

Integrity

None

Availability

High

Published: April 9, 2026 (34 days ago)

Last Modified: April 9, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in Wasmtime, a runtime for WebAssembly. The Winch compiler backend incorrectly handles the `table.grow` operator, leading to an internal type mismatch. This can result in a Denial of Service (DoS), where the host process crashes. Additionally, under specific configurations with disabled memory guard pages, this flaw could lead to the disclosure of up to 16 bytes of sensitive host data.

CWE

CWE-843

Affected Products

Red Hat Connectivity Link 1Red Hat Enterprise Linux 10

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2026-35186

Vulnerability Report

Description

CWE

Affected Products

References