LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-40494

CVE-2026-40494 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 18, 2026

SAIL - Buffer Overflow

Published: April 18, 2026Updated: April 18, 2026Remote Exploitable

Overview

SAIL contains a buffer overflow caused by missing bounds check in the TGA codec's raw-packet RLE decoder, letting attackers write up to 496 bytes past heap buffer, exploit requires crafted image file.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can write beyond heap buffer, potentially leading to code execution or application crash.

Mitigation

Update to the version including commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40494 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40494/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸšØ CRITICAL: CVE-2026-40494 in HappySeaFox sail (<45d48d1f2e8...) enables out-of-bounds write in TGA decoder. Heap overflow risk ā€” update to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. No exploits seen yet. https://radar.offseq.com/threat/cve-2026-40494-cwe-787-out-of-bounds-write-in-happ-d7181ae5 #OffSeq #Vuln #AppSec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40494 - Critical (9.8) SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40494/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸšØ CRITICAL: CVE-2026-40494 in HappySeaFox sail (<45d48d1f2e8...) enables out-of-bounds write in TGA decoder. Heap overflow risk ā€” update to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. No exploits seen yet. https://radar.offseq.com/threat/cve-2026-40494-cwe-787-out-of-bounds-write-in-happ-d7181ae5 #OffSeq #Vuln #AppSec

View original post

Related Resources

Details

CVE ID
CVE-2026-40494
Severity
Critical
CVSS Score
9.8
Type
buffer_overflow
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days