COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-40393

CVE-2026-40393

Severity
high
Source
NVD · cve
Published
2026-04-12
CVSS
8.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-40393
shame 25/100

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Players implicated

mesa3d · vendormesa · product

Description

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.