CVE Catalog

CVE-2026-58592

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. A JavaScript function imported into a WASM module via ESM causes a stack-local FunctionType to be destroyed after the link-loop iteration ends, while the host callback still references it, leading to memory corruption.

Risk Assessment

An attacker can exploit this vulnerability to achieve arbitrary write in the WebContent process memory, enabling code execution within the browser context. The risk includes control over the rendering process and potential access to user data.

Recommendation

Immediately update Ladybird to a version containing the fix for the dangling reference bug in WebAssemblyModule.cpp. Until the update, disable WebAssembly support in the browser.

Original NVD description (English source)

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to create_host_function, whose host callback captures and later reads that reference; once the ESM link-loop iteration ends the FunctionType is destroyed, leaving the callback with a dangling reference (the normal instantiate path uses a long-lived reference and is not affected). Stale result-type data lets the host callback return an empty result vector for a statically non-empty result, so the destination register retains an attacker-influenced value that is then consumed by the WASM-GC array.set handler, which bit-casts the reference low bits to an ArrayInstance pointer after only a null check, yielding an arbitrary write. A web page can chain this into code execution in the WebContent process. Verified reachable from HTML content without any instrumentation or source modification.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS