CVE-2026-34983: Wasmtime has use-after-free bug after cloning `wasmtime::Linker`
In version 43.0.0 of the wasmtime crate, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs.
This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host.
The typical symptom of this use-after-free bug is a segfault. It does not enable heap corruption or data leakage.
If you are using the wasmtime CLI, rather than the embedding API, you are not affected. If you are using the embedding API but are not calling wasmtime::Linker’s Clone implementation, you are not affected.
Specifically, the following steps must occur to trigger the bug:
- Clone a
wasmtime::Linker - Drop the original linker instance
- Use the new, cloned linker instance, resulting in a use-after-free
References
Code Behaviors & Features
Detect and mitigate CVE-2026-34983 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →