LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-40493

CVE-2026-40493 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 18, 2026

SAIL - Buffer Overflow

Published: April 18, 2026Updated: April 18, 2026Remote Exploitable

Overview

SAIL contains a heap buffer overflow caused by incorrect bytes-per-pixel calculation in the PSD codec for LAB mode, letting attackers cause memory corruption, exploit requires crafted PSD files.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can cause heap buffer overflow leading to potential memory corruption or code execution.

Mitigation

Update to the version including commit c930284445ea3ff94451ccd7a57c999eca3bc979 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40493 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40493/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸšØ CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) ā€” Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. https://radar.offseq.com/threat/cve-2026-40493-cwe-787-out-of-bounds-write-in-happ-da0d28a1 #OffSeq #infosec #CVE202640493

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40493 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40493/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸšØ CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) ā€” Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. https://radar.offseq.com/threat/cve-2026-40493-cwe-787-out-of-bounds-write-in-happ-da0d28a1 #OffSeq #infosec #CVE202640493

View original post

Related Resources

Details

CVE ID
CVE-2026-40493
Severity
Critical
CVSS Score
9.8
Type
buffer_overflow
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days