Vendor
A critical sandbox escape vulnerability exists in Wasmtime's Cranelift compilation backend on aarch64, allowing guest WebAssembly modules to bypass bounds checks and achieve arbitrary read/write access to host memory under specific configuration conditions.