{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-40393", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-12T18:49:18.544Z", "datePublished": "2026-04-12T18:49:18.984Z", "dateUpdated": "2026-04-13T15:47:05.804Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mesa", "vendor": "mesa3d", "versions": [{"lessThan": "25.3.6", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "26.0.1", "status": "affected", "version": "26.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:56:36.231Z"}, "references": [{"url": "https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html"}, {"url": "https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.3.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0.0", "versionEndExcluding": "26.0.1"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:46:57.488673Z", "id": "CVE-2026-40393", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:47:05.804Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "mesa3d", "product": "Mesa", "versions": [{"status": "affected", "version": "0", "lessThan": "25.3.6", "versionType": "semver"}, {"status": "affected", "version": "26.0.0", "lessThan": "26.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html"}, {"url": "https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.6"}, {"criteria": "cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.0.1", "versionStartIncluding": "26.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:56:36.231Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40393", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T15:46:57.488673Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-13T15:47:00.608Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-40393", "state": "PUBLISHED", "dateUpdated": "2026-04-12T18:56:36.231Z", "dateReserved": "2026-04-12T18:49:18.544Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-12T18:49:18.984Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*", "matchCriteriaId": "89D70296-F399-4480-B0DE-63B0B30626E3", "versionEndExcluding": "25.3.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mesa3d:mesa:26.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AA825BC-1256-4D8E-96E1-3E67CC9867EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca."}], "id": "CVE-2026-40393", "lastModified": "2026-04-16T16:17:06.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-12T19:16:20.797", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,25.3.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[26.0.0,26.0.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Mesa", "source": "cna", "vendor": "mesa3d"}, "product": "mesa", "vendor": "mesa3d"}], "analysis": {"en": {"generated_at": "2026-04-12T20:51:27.620793+00:00", "value": {"mitigation_remediation": ["Update Mesa to version 25.3.6 or newer, or 26.0.1 or newer.", "Disable WebGPU or restrict untrusted usage until a patch is applied."], "summary": {"action": "Patch Immediately", "impact": "Out-of-bounds memory access potentially causing memory corruption or remote code execution"}, "threat_synthesis": {"affected_systems": "The issue affects the Mesa 3D graphics library on all platforms that include its WebGPU support. Versions before 25.3.6 in the 25.x series and before 26.0.1 in the 26.x series are vulnerable. Any system using one of those releases and running applications that expose WebGPU (such as modern browsers or graphics tools) may be exposed.", "description_and_impact": "An out-of-bounds memory allocation occurs in Mesa's WebGPU implementation when an untrusted length value determines the size of a stack allocation via alloca. This logic flaw allows an attacker to request memory that exceeds the allocated bounds, leading to possible memory corruption or arbitrary writes in the driver context, which could be leveraged for remote code execution or data tampering.", "risk_and_exploitability": "The CVSS v3.1 score of 8.1 places it in the high-severity range, indicating significant potential impact on confidentiality, integrity and availability. No EPSS score is available and the vulnerability is not yet listed in CISA\u2019s KEV catalog, implying no publicly confirmed exploit at this time. However, the likely attack vector involves an attacker supplying crafted WebGPU commands from an untrusted source, so timely patching is essential to mitigate risk."}}}}, "created": "2026-04-13T12:38:15.806335+00:00", "title": "Mesa WebGPU Out-of-bounds Memory Access Vulnerability", "updated": "2026-04-13T12:54:03.612351+00:00", "vendors": ["mesa3d", "mesa3d$PRODUCT$mesa"]}