Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-47261

CVE-2026-47261: Wasmtime Auth Bypass Vulnerability

CVE-2026-47261 is an authentication bypass flaw in Bytecodealliance Wasmtime that allows attackers to circumvent file access controls via TRUNCATE flag. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-47261 Overview

CVE-2026-47261 is an access control bypass vulnerability in Wasmtime, a runtime for WebAssembly maintained by the Bytecode Alliance. The flaw allows guest WebAssembly modules to truncate read-only files by abusing the OpenFlags::TRUNCATE flag through the wasip2 descriptor.open-at or wasip1 path_open interfaces. The vulnerability stems from missing write-mode tracking in the filesystem access control logic in crates/wasi/src/filesystem.rs. Only wasmtime-wasi embeddings combining DirPerms::MUTATE with FilePerms::READ (without FilePerms::WRITE) are affected. The Wasmtime CLI itself is unaffected because it sets FilePerms::all() for all preopens. This issue is tracked under [CWE-284] Improper Access Control.

Critical Impact

A sandboxed WebAssembly guest can truncate host files it should only be permitted to read, resulting in data integrity loss.

Affected Products

  • Bytecode Alliance Wasmtime versions prior to 24.0.9
  • Bytecode Alliance Wasmtime versions prior to 36.0.10
  • Bytecode Alliance Wasmtime versions prior to 44.0.2

Discovery Timeline

  • 2026-06-15 - CVE-2026-47261 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-47261

Vulnerability Analysis

The vulnerability resides in the WASI (WebAssembly System Interface) filesystem layer of Wasmtime. When a host embedder grants a guest module a directory preopen with DirPerms::MUTATE and per-file FilePerms::READ only, the guest should not be able to modify file contents. However, the Dir::open_at implementation fails to record write-mode access when only the OpenFlags::TRUNCATE flag is provided. The subsequent FilePerms access control check then evaluates the request as a non-write operation, permitting the open call to succeed. Once the file is opened, the kernel truncates it to zero length, destroying the file contents. This violates the principle of least privilege expected from the WASI capability model.

Root Cause

The root cause is a missing single-line assignment in crates/wasi/src/filesystem.rs at lines 967 to 969. The clause that handles OpenFlags::TRUNCATE did not set open_mode |= OpenMode::WRITE;. Because the open_mode value drives the later authorization check against the configured FilePerms, the absence of the WRITE bit caused truncation requests to bypass write-permission validation. The fix adds the missing OpenMode::WRITE assignment, after which affected calls correctly return error-code.not-permitted for wasip2 and ERRNO_PERM for wasip1.

Attack Vector

Exploitation requires a malicious or compromised WebAssembly guest running inside a vulnerable Wasmtime embedding. The guest invokes path_open or descriptor.open-at against a file in a preopened directory, supplying only the TRUNCATE flag without WRITE. The runtime accepts the call and truncates the target file. For details on the patch, see the GitHub Security Advisory GHSA-2r75-cxrj-cmph.

Detection Methods for CVE-2026-47261

Indicators of Compromise

  • Unexpected zero-length files within directories exposed as WASI preopens to guest modules.
  • Audit log entries showing path_open or descriptor.open-at calls with OpenFlags::TRUNCATE set but no write permission grant.
  • File modification timestamps changing on host files that should be read-only to a guest.

Detection Strategies

  • Inventory all applications embedding wasmtime-wasi and identify configurations using DirPerms::MUTATE combined with FilePerms::READ only.
  • Enable filesystem auditing on host directories exposed to WebAssembly guests to capture truncation events.
  • Review dependency manifests (Cargo.lock) across build pipelines for vulnerable Wasmtime versions below 24.0.9, 36.0.10, or 44.0.2.

Monitoring Recommendations

  • Forward host filesystem audit events into a centralized logging or SIEM platform to correlate guest activity with file changes.
  • Track Wasmtime runtime versions deployed across production hosts and alert on outdated builds.
  • Monitor process telemetry for embedder applications invoking WASI calls outside expected operational baselines.

How to Mitigate CVE-2026-47261

Immediate Actions Required

  • Upgrade Wasmtime to version 24.0.9, 36.0.10, 44.0.2, or 45.0.0 depending on the deployed release branch.
  • Audit wasmtime-wasi embedder code for preopens that pair DirPerms::MUTATE with FilePerms::READ without FilePerms::WRITE.
  • Restrict directory preopens to the minimum capability set required by each guest module.

Patch Information

The Bytecode Alliance has released fixed versions: Wasmtime v24.0.9, Wasmtime v36.0.10, and Wasmtime v44.0.2. The patch adds the missing open_mode |= OpenMode::WRITE; assignment in crates/wasi/src/filesystem.rs so that TRUNCATE requests are evaluated against write permissions. Version Wasmtime v45.0.0 also contains the fix.

Workarounds

  • Configure preopens with FilePerms::all() only when guests legitimately require write access, otherwise avoid combining DirPerms::MUTATE with read-only FilePerms.
  • Remove DirPerms::MUTATE from preopens intended to provide read-only file access until upgrades are deployed.
  • Run untrusted WebAssembly modules against ephemeral or sandboxed directories whose contents can be discarded.
bash
# Configuration example: update Wasmtime in a Rust project
cargo update -p wasmtime --precise 44.0.2
cargo build --release

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.