Vulnerability Database>CVE 2026-40393

CVE 2026-40393

Publish date: April 12, 2026

Severity

Critical

CVSS score

9.8

Package

mesa

Affected versions

>= 25.0.7-2+e1, < 25.0.7-2+e2

In Mesa versions prior to 25.3.6 and 26 before 26.0.1, an out-of-bounds memory access vulnerability may occur in WebGPU. This is due to the amount of data to be allocated being determined by an untrusted party, which is subsequently used for alloca.

‍

Learn about Echo's vulnerability management

Learn more

CVE 2026-40393

NVD Record:

References:

Related CVEs: