CVE-2026-35195

medium Red Hat
CVSS v3 Base Score
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 9, 2026 (34 days ago)
Last Modified: April 9, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest component can exploit an issue where the host does not validate memory allocation requests. This allows the guest to write arbitrary data to locations outside its designated memory. Depending on the configuration, this could lead to corruption of critical host data or other guest environments, potentially resulting in information disclosure or the execution of unauthorized code.

CWE

CWE-787

Affected Products

Red Hat Connectivity Link 1Red Hat Enterprise Linux 10

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com