CVE-2026-40393

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mesa versions prior to 25.3.6 and versions prior to 26.0.1

Description An out-of-bounds memory access issue exists in the WebGPU component of Mesa. The amount of data to be allocated is determined by an untrusted source and then used in the alloca function, potentially leading to a memory access error.

Recommendations Update Mesa to version 25.3.6 or later. Update Mesa to version 26.0.1 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2026-40393

ECHO-970D-B2F9-098E

OESA-2026-2048

OESA-2026-2049

OESA-2026-2050

OESA-2026-2051

OESA-2026-2052

SUSE-SU-2026:1343-1

Affected Products

Mesa

CVE-2026-40393

Weakness Enumeration

Related Identifiers

Affected Products

References · 29