PatchSiren

Mesa3d CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Mesa3d CVE published 2026-04-12

CVE-2026-40393

CVE-2026-40393 is a HIGH severity vulnerability in Mesa's WebGPU implementation. An out-of-bounds memory access can occur because the amount of to-be-allocated data depends on an untrusted party. This issue affects Mesa versions before 25.3.6 and 26 before 26.0.1. The vulnerability arises from the WebGPU implementation in Mesa, where the allocation of data depends on an untrusted party. This can lead to o [truncated]