Description
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
Published: 2026-04-12
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds memory access potentially causing memory corruption or remote code execution
Action: Patch Immediately
AI Analysis

Impact

In Mesa's WebGPU implementation, a length value supplied by an untrusted party determines the size of a stack allocation made with alloca. Because that length is not bounded, the allocation and the accesses made relative to it can fall outside the mapped stack, allowing an attacker who controls the length to cause memory corruption or arbitrary writes in the driver context, which could be leveraged for remote code execution or data tampering.
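As an added illustration, not Mesa's code and not part of this advisory, the following hypothetical C routines contrast the unbounded-alloca pattern the description refers to with a bounded version that rejects sizes that overflow and sends large requests to the heap. The entry_t type, the STACK_SCRATCH_MAX ceiling and the SAMPLE array are assumptions made for the example.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-entry record standing in for the data whose length the
 * advisory says comes from an untrusted party; not Mesa's own type. */
typedef struct { uint32_t id; uint32_t flags; } entry_t;
#define STACK_SCRATCH_MAX 4096u   /* assumed ceiling for stack scratch, bytes */

/* Constructed sample input for the demo below. */
static const entry_t SAMPLE[4] = { {1, 0}, {2, 0}, {3, 0}, {4, 0} };

/* Vulnerable pattern: an untrusted count sizes an alloca with no ceiling, so a
 * large count pushes the stack pointer past the mapped stack and its guard
 * page, and the memcpy then writes out of bounds (CWE-787). */
static uint64_t sum_ids_unchecked(const entry_t *src, size_t count) {
    entry_t *tmp = alloca(count * sizeof *tmp);      /* unbounded alloca */
    memcpy(tmp, src, count * sizeof *tmp);
    uint64_t sum = 0;
    for (size_t i = 0; i < count; i++) sum += tmp[i].id;
    return sum;
}

/* Where a request may live: -1 reject (size overflow), 0 stack, 1 heap. */
static int scratch_placement(size_t count, size_t elem) {
    if (count > SIZE_MAX / elem) return -1;
    return count * elem > STACK_SCRATCH_MAX ? 1 : 0;
}

/* Hardened pattern: same work, but stack use is bounded and large requests go
 * to the heap. Returns -1 when the request is rejected, else the sum. */
static int64_t sum_ids_checked(const entry_t *src, size_t count) {
    int where = scratch_placement(count, sizeof *src);
    if (where < 0) return -1;
    size_t bytes = count * sizeof *src;
    entry_t *tmp;
    if (where) { tmp = malloc(bytes ? bytes : 1); if (!tmp) return -1; }
    else       { tmp = alloca(bytes ? bytes : 1); }
    memcpy(tmp, src, bytes);
    int64_t sum = 0;
    for (size_t i = 0; i < count; i++) sum += tmp[i].id;
    if (where) free(tmp);
    return sum;
}
```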

Affected Systems

The issue affects the Mesa 3D graphics library on all platforms that include its WebGPU support. Versions before 25.3.6 in the 25.x series and before 26.0.1 in the 26.x series are vulnerable. Any system using one of those releases and running applications that expose WebGPU (such as modern browsers or graphics tools) may be exposed.

Risk and Exploitability

The CVSS v3.1 score of 8.1 places it in the high-severity range, indicating significant potential impact on confidentiality, integrity and availability. No EPSS score is available and the vulnerability is not yet listed in CISA’s KEV catalog, implying no publicly confirmed exploit at this time. However, the likely attack vector involves an attacker supplying crafted WebGPU commands from an untrusted source, so timely patching is essential to mitigate risk.

Generated by OpenCVE AI on April 12, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mesa to version 25.3.6 or newer, or 26.0.1 or newer.
  • Disable WebGPU or restrict untrusted usage until a patch is applied.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:mesa3d:mesa:26.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Title | | Mesa WebGPU Out-of-bounds Memory Access Vulnerability

Sun, 12 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
First Time appeared | | Mesa3d, Mesa3d mesa
Weaknesses | | CWE-787
CPEs | | cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*
Vendors & Products | | Mesa3d, Mesa3d mesa
References | |
Metrics | | cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T15:47:05.804Z

Reserved: 2026-04-12T18:49:18.544Z

Link: CVE-2026-40393

Vulnrichment

Updated: 2026-04-13T15:47:00.608Z

NVD

Status: Analyzed

Published: 2026-04-12T19:16:20.797

Modified: 2026-04-16T16:17:06.870

Link: CVE-2026-40393

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:54:03Z

Weaknesses