cvedb.io
CVE-2026-40393
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-04-12T19:16:20.797 · Last modified 2026-06-17T10:45:14.027

Summary

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Affected products

mesa3d — mesa

Does this affect you?

Add your gear to cvedb and we'll alert you only when mesa3d ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.