RUSTSEC-2026-0149: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction


> WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `wasmtime-wasi`                      |
| Version             | `44.0.1`                   |
| URL                 | [https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph) |
| Date                | 2026-05-21                         |
| Patched versions    | `>=24.0.9, <25.0.0,>=36.0.10, <37.0.0,>=44.0.2, <45.0.0,>=45.0.0`                  |

This is an entry in the RustSec database for the Wasmtime security advisory
located at
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph
For more information see the GitHub-hosted security advisory.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2026-0149.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2026-0149: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction #34

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Details
Package	`wasmtime-wasi`
Version	`44.0.1`
URL	GHSA-2r75-cxrj-cmph
Date	2026-05-21
Patched versions	`>=24.0.9, <25.0.0,>=36.0.10, <37.0.0,>=44.0.2, <45.0.0,>=45.0.0`

RUSTSEC-2026-0149: WASI path_open(TRUNCATE) bypasses FilePerms::WRITE host restriction #34

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

RUSTSEC-2026-0149: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction #34