CVE-2026-40393

| EUVD-2026-21737 HIGH
2026-04-12 mitre
8.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 12, 2026 - 19:24 vuln.today

Tags

Buffer Overflow Memory Corruption Mesa

Description

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Analysis

Out-of-bounds memory access in Mesa's WebGPU implementation allows remote attackers to achieve code execution, data corruption, or denial of service through untrusted allocation sizes passed to alloca. Affects Mesa versions before 25.3.6 and 26.x before 26.0.1. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: identify all systems running Mesa versions before 25.3.6 or 26.x before 26.0.1 using inventory/asset management tools; prioritize systems running browsers or graphics applications processing untrusted content. Within 7 days: patch to Mesa 25.3.6 or 26.0.1 (or later) on all affected systems; coordinate with Linux distribution vendors for official packages if building from source is not feasible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

40
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +40
POC: 0

Share

CVE-2026-40393 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy