English

An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications

Cryptography and Security 2026-03-11 v1

Abstract

The growth in the adoption of the WebAssembly (WASM) standard has given rise to a rapidly increasing landscape of binary applications that are natively ported to the environment of websites. The flexibility of WASM has made it the preferred way to run fast and resource-heavy applications, replacing a field that JavaScript previously monopolized. Despite its success, researchers have raised concerns over the security implementations of WASM, demonstrating that binary vulnerabilities, such as Buffer Overflows and Use After Free, remain a present danger for WASM binaries. Our work aims to demonstrate that such vulnerabilities, when occurring on a WebAssembly module, can affect the behavior of a web application in unexpected ways, enabling an attacker to exploit vulnerabilities that are typical of the web security landscape. We provide several scenarios to provide examples of how each binary vulnerability might lead to a web security vulnerability, such as SQL Injections, XS-Leaks, and SSTI. Our results show that binary vulnerabilities can invalidate common security mechanisms that web developer implement in their applications, demonstrating how the security of WASM modules remains a problem that needs to be addressed. We also provide a list of best practices and defensive strategies that developers can implement to mitigate the risks associated with running unsafe WASM modules in their web applications.

Keywords

Cite

@article{arxiv.2603.09426,
  title  = {An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications},
  author = {Lorenzo Corrias and Lorenzo Pisu and Davide Maiorca and Giorgio Giacinto},
  journal= {arXiv preprint arXiv:2603.09426},
  year   = {2026}
}

Comments

8 pages, submitted to ICISSP 2026

R2 v1 2026-07-01T11:12:11.491Z