Out-of-Bounds Write Vulnerability in GPU Shader Compiler by Imagination Technologies
CVE-2026-21732

9.6CRITICAL

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 20 March 2026

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2026-21732?

This vulnerability occurs when a web page with unusually large GPU shader code is processed by the GPU compiler. It can lead to an out-of-bounds write, causing a segmentation fault, which may crash the GPU shader compiler library. On systems where the compiler process runs with heightened privileges, this flaw can potentially open pathways for more severe exploitation, exposing the device to greater risks.

Affected Version(s)

Graphics DDK Linux 23.2 RTM

Graphics DDK Linux 24.1 RTM <= 25.1 RTM

Graphics DDK Linux 1.17 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21732 Data

JSON