Cyber Resilience

CVE-2026-58592

Severity: High · Public PoC available

Published: 01 July 2026
Modified: 02 July 2026
KEV Added: not listed
CVSS v4.0 base score: 8.9 (High)
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0031 (22.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-58592 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Ladybird browser's WebAssembly ESM-integration module loader. Its CVSS v4.0 base score is 8.9 (High).

Operationally, EPSS ranks it at the 22.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. The EPSS percentile measures observed exploitation likelihood relative to all published CVEs; a client-side memory-corruption bug with a public PoC can be weaponised quickly, so the low percentile should not be read as low impact.


Vulnerability details

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to create_host_function, whose host callback captures that reference and reads it later. Once the ESM link-loop iteration ends, the FunctionType is destroyed and the callback is left holding a dangling reference; the normal instantiate path uses a long-lived reference and is not affected. Reading stale result-type data through that reference lets the host callback return an empty result vector for a function whose static type declares a non-empty result, so the destination register keeps its previous, attacker-influenced value. That value is then consumed by the WASM-GC array.set handler, which performs only a null check before bit-casting the low bits of the reference to an ArrayInstance pointer, turning the stale value into an arbitrary write. A web page can chain this into code execution in the WebContent process. The issue was verified reachable from HTML content without any instrumentation or source modification.
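The description above names two separable defects: a closure that captures a stack-local type by reference and outlives it, and a downstream handler that trusts a register value after nothing more than a null check. The following C++ is an added example written for this page, not Ladybird's code; Value, ToyHeap, HostFn and the bodies of create_host_function and array_set are illustrative stand-ins that share only their names with the advisory. It shows the owning-capture fix for the lifetime bug, the result-arity check that stops a stale destination register from ever being consumed, and a tag check in array.set in place of a null check and bit-cast. The dangling by-reference capture is described in a comment rather than executed, because reading a destroyed object is undefined behaviour and cannot be demonstrated deterministically.

```cpp
// Added example, not Ladybird code: every type and function body here is a toy model.
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Runtime value as a tagged union: a handler can check the tag before it
// reinterprets any bits as a pointer or object id.
struct Value {
    enum class Tag { I32, NullRef, ArrayRef, FuncRef };
    Tag tag = Tag::I32;
    uint64_t bits = 0;  // integer payload, or an opaque object id for references
};

struct FunctionType {
    std::vector<std::string> params;
    std::vector<std::string> results;
};

using HostFn = std::function<std::vector<Value>(const std::vector<Value>&)>;

// Lifetime fix: the closure owns its copy of the type, so it cannot outlive what
// it reads. The vulnerable shape takes `const FunctionType& type` and captures
// it with [&]; once the caller's stack-local is destroyed the reference dangles.
HostFn create_host_function(FunctionType type, HostFn impl) {
    return [type = std::move(type), impl = std::move(impl)](const std::vector<Value>& args) {
        std::vector<Value> results = impl(args);
        // Arity check: results must match the static type exactly. Trapping here
        // means a stale destination register is never consumed downstream.
        if (results.size() != type.results.size())
            throw std::runtime_error("host function result arity mismatch");
        return results;
    };
}

struct ArrayInstance { std::vector<int32_t> elements; };

// Toy GC heap: array.set resolves its operand by tag and bounds, never by a
// null check followed by a bit-cast of the low bits.
struct ToyHeap {
    std::vector<ArrayInstance> arrays;

    ArrayInstance& array_from(const Value& ref) {
        if (ref.tag != Value::Tag::ArrayRef)
            throw std::runtime_error("array.set: operand is not an array reference");
        if (ref.bits >= arrays.size())
            throw std::runtime_error("array.set: unknown array id");
        return arrays[static_cast<size_t>(ref.bits)];
    }

    void array_set(const Value& ref, uint32_t index, int32_t v) {
        ArrayInstance& arr = array_from(ref);
        if (index >= arr.elements.size())
            throw std::runtime_error("array.set: index out of bounds");
        arr.elements[index] = v;
    }
};

// Models the ESM link loop: each import's FunctionType is a per-iteration local,
// the closures are stored, and they are only called after the loop has ended.
std::vector<size_t> link_then_call_imports() {
    std::vector<HostFn> imports;
    for (size_t i = 1; i <= 3; ++i) {
        FunctionType type{{"i32"}, std::vector<std::string>(i, "i32")};  // stack-local
        imports.push_back(create_host_function(type, [i](const std::vector<Value>&) {
            return std::vector<Value>(i, Value{Value::Tag::I32, 7});
        }));
    }  // every `type` is destroyed here; the closures hold their own copies
    std::vector<size_t> arities;
    for (auto& fn : imports)
        arities.push_back(fn({Value{}}).size());
    return arities;  // one result per declared result: 1, 2, 3
}

// The misbehaviour in the advisory: declared one result, returns none.
bool empty_result_for_nonempty_type_traps() {
    FunctionType type{{}, {"i32"}};
    HostFn fn = create_host_function(type, [](const std::vector<Value>&) {
        return std::vector<Value>{};
    });
    try { fn({}); } catch (const std::runtime_error&) { return true; }
    return false;
}

// A stale, attacker-influenced non-reference value reaching array.set is rejected
// by the tag check, and the legitimate write made before it is untouched.
bool array_set_rejects_stale_register() {
    ToyHeap heap;
    heap.arrays.push_back(ArrayInstance{{0, 0, 0}});
    heap.array_set(Value{Value::Tag::ArrayRef, 0}, 1, 42);
    Value stale{Value::Tag::I32, 0x4141};  // leftover register bits, not a reference
    try {
        heap.array_set(stale, 0, 1);
    } catch (const std::runtime_error&) {
        return heap.arrays[0].elements[1] == 42;
    }
    return false;
}
```

The two checks are independent: the arity check alone would have prevented the stale register from being consumed, and the tag check alone would have prevented the bit-cast from turning it into a write. An engine wants both, since either one can be reached through a different bug.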

CWE(s)

Weaknesses reported as shared with this CVE in the list below: CWE-825 (Expired Pointer Dereference), CWE-843 (Access of Resource Using Incompatible Type, "Type Confusion") and CWE-787 (Out-of-bounds Write). This matches the chain described above: a dangling reference (CWE-825) that produces a type confusion (CWE-843) ending in an out-of-bounds write (CWE-787).

CVEs Like This One

CVE-2024-5830 (shared: CWE-787, CWE-843)
CVE-2018-9471 (shared: CWE-787, CWE-843)
CVE-2024-38207 (shared: CWE-787, CWE-843)
CVE-2020-16009 (shared: CWE-787, CWE-843)
CVE-2026-43037 (shared: CWE-787, CWE-843)
CVE-2023-24823 (shared: CWE-787, CWE-843)
CVE-2023-36017 (shared: CWE-787, CWE-843)
CVE-2023-38128 (shared: CWE-787, CWE-843)
CVE-2023-48694 (shared: CWE-825, CWE-843)
CVE-2024-38218 (shared: CWE-787, CWE-843)


Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-787: non-executable memory (W^X / DEP). Shellcode injected into data pages through an out-of-bounds write cannot be executed. This does not prevent the write itself, nor control-flow hijack through code that is already executable (ROP/JOP), nor data-only attacks, so for an arbitrary-write primitive of the kind described above it is defence in depth rather than a fix.
