WebGPU Vulnerability in GPU GLES Render Process by Imagination Technologies
CVE-2026-22166

9.6CRITICAL

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 1 May 2026

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2026-22166?

A vulnerability exists in the GPU GLES render process that affects systems where unusual WebGPU content can inadvertently trigger a use-after-free (UAF) crash. This flaw can be exploited if the graphics workload process operates with system privileges, potentially leading to further exploitation of the affected system. It highlights significant risks associated with GPU-related processes in various applications.

Affected Version(s)

Graphics DDK Linux 1.18 RTM

Graphics DDK Linux 23.2 RTM

Graphics DDK Linux 24.1 RTM <= 24.2 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22166 Data

JSON