PatchSiren

CVE-2026-41157 Imagination Technologies CVE debrief

CVE-2026-41157 is an out-of-bounds write vulnerability in the GPU user-space driver. A web page with unusual WebGPU content can trigger memory corruption and a possible browser/GPU process crash. The vulnerability occurs when the software computes a required memory size from untrusted input, but an integer overflow produces a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Vendor: Imagination Technologies
Product: Graphics DDK
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of web browsers and systems that use GPU acceleration, particularly those that render WebGPU content, should be aware of this vulnerability. Developers and administrators should prioritize patching and mitigation strategies.

Technical summary

The vulnerability is caused by an integer overflow when computing the required memory size from untrusted input. This leads to an out-of-bounds write in the GPU user-space driver, resulting in memory corruption.
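
The size-computation pattern described above, shown as an added generic C illustration; it is not code from the Imagination Technologies driver, which this page does not show. The buf_desc type, the function names and the sample values are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical descriptor: both fields stand in for values taken from untrusted content. */
typedef struct { uint32_t count; uint32_t stride; } buf_desc;

/* Flawed pattern: the product is computed in 32 bits and silently wraps. */
uint32_t size_unchecked(const buf_desc *d) {
    return d->count * d->stride;
}

/* Checked form: widen to 64 bits, reject anything that does not fit in 32 bits. */
int size_checked(const buf_desc *d, uint32_t *out) {
    uint64_t wide = (uint64_t)d->count * d->stride;
    if (wide > UINT32_MAX) return -1;
    *out = (uint32_t)wide;
    return 0;
}

/* Hardened allocate-and-fill: the loop only runs when the allocation covers count * stride. */
void *alloc_and_fill(const buf_desc *d, uint8_t fill) {
    uint32_t bytes;
    if (d->count == 0 || d->stride == 0) return NULL;
    if (size_checked(d, &bytes) != 0) return NULL;   /* overflow: refuse the request */
    uint8_t *p = malloc(bytes);
    if (!p) return NULL;
    for (uint32_t i = 0; i < d->count; i++)
        memset(p + (size_t)i * d->stride, fill, d->stride);
    return p;
}

int main(void) {
    buf_desc bad = { 0x10001u, 0x10000u };  /* constructed input: true product needs 33 bits */
    uint32_t size;
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(&bad));
    printf("checked: %s\n", size_checked(&bad, &size) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed input, the unchecked product wraps to 65536 bytes even though the element loop would cover roughly 4 GiB, which is the undersized-allocation condition the summary describes; the checked path rejects the request before any allocation or write.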

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates from the vendor as soon as they are available.
  • Use secure coding practices to prevent similar vulnerabilities.
  • Monitor systems for unusual activity or crashes related to GPU or browser processes.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. Additional information can be found at https://www.imaginationtech.com/gpu-driver-vulnerabilities/ (ref-4).

Official resources

CVE-2026-41157 was published on 2026-06-12T22:16:50.583Z and has not been modified since then.