High severity8.1NVD Advisory· Published Apr 12, 2026· Updated Apr 16, 2026
CVE-2026-40393
CVE-2026-40393
Description
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coordsRange: < 20.2.4-150300.59.12.1
Patches
Vulnerability mechanics
References
2- gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866nvdIssue Tracking
- lists.freedesktop.org/archives/mesa-dev/2026-February/226597.htmlnvdIssue TrackingMailing List
News mentions
1- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026