CVE-2026-22166

EUVD-2026-26663
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
imaginationtechddk
𝑥
≤ 25.2
imaginationtechddk
25.3:rtm
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.imaginationtech.com/gpu-driver-vulnerabilities/