Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ladybirdbrowser
Ladybirdbrowser ladybird |
|
| Vendors & Products |
Ladybirdbrowser
Ladybirdbrowser ladybird |
Thu, 02 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to create_host_function, whose host callback captures and later reads that reference; once the ESM link-loop iteration ends the FunctionType is destroyed, leaving the callback with a dangling reference (the normal instantiate path uses a long-lived reference and is not affected). Stale result-type data lets the host callback return an empty result vector for a statically non-empty result, so the destination register retains an attacker-influenced value that is then consumed by the WASM-GC array.set handler, which bit-casts the reference low bits to an ArrayInstance pointer after only a null check, yielding an arbitrary write. A web page can chain this into code execution in the WebContent process. Verified reachable from HTML content without any instrumentation or source modification. | |
| Title | Ladybird - Web-Reachable Code Execution via Dangling FunctionType Reference in WebAssembly ESM Integration | |
| Weaknesses | CWE-787 CWE-825 CWE-843 |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-02T15:55:07.091Z
Reserved: 2026-07-01T17:20:57.549Z
Link: CVE-2026-58592
Updated: 2026-07-02T15:27:48.054Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T01:45:03Z