What is the CVSS score of CVE-2026-21733?

CVE-2026-21733 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Graphics Ddk are affected by CVE-2026-21733?

Imagination Technologies Graphics DDK versions 1.17-25.3 RTM contain a local privilege escalation vulnerability that allows low-privileged users to modify GPU memory and system files, potentially…

How to fix or mitigate CVE-2026-21733?

Within 24 hours: inventory all systems running Imagination Technologies Graphics DDK 1.17-25.3 RTM and isolate any handling sensitive data or running untrusted code. Within 7 days: restrict local login access to DDK-running systems to trusted administrators only; implement application whitelisting to prevent execution of untrusted binaries. Within 30 days: contact Imagination Technologies for patched DDK releases; prioritize updating development and rendering workstations first, then embedded deployments.

Graphics Ddk CVE-2026-21733

EUVD-2026-23446 HIGH

Improper Handling of Insufficient Permissions or Privileges (CWE-280)

2026-04-17 imaginationtech

GHSA-4h67-fm2h-4qrp

Information Disclosure Graphics Ddk

7.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Re-analysis Queued

Apr 23, 2026 - 12:22 vuln.today

cvss_changed

Analysis Generated

Apr 17, 2026 - 19:33 vuln.today

CVSS changed

Apr 17, 2026 - 18:22 NVD

7.3 (None) 7.3 (HIGH)

EUVD ID Assigned

Apr 17, 2026 - 16:45 euvd

EUVD-2026-23446

Analysis Generated

Apr 17, 2026 - 16:45 vuln.today

CVE Published

Apr 17, 2026 - 16:08 nvd

HIGH 7.3

DescriptionCVE.org

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.

This is caused by improper handling of GPU memory reservation protections.

AnalysisAI

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to modify read-only GPU memory and files through improper system call handling. Affects DDK versions 1.17 through 25.3 RTM across multiple release branches. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local user access

Delivery

Enumerate GPU device nodes

Exploit

Craft malicious GPU memory allocation syscalls

Execution

Trigger improper permission grant in DDK

Persist

Write to read-only kernel memory

Impact

Escalate privileges or access protected data

Access

Gain local user access

Delivery

Enumerate GPU device nodes

Exploit

Craft malicious GPU memory allocation syscalls

Execution

Trigger improper permission grant in DDK

Persist

Write to read-only kernel memory

Impact

Escalate privileges or access protected data

Vulnerability AssessmentAI

Exploitation	Requires authenticated local access with low-level user privileges (CVSS PR:L) on a system with Imagination Technologies Graphics DDK installed and GPU hardware accessible to unprivileged users. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is elevated for multi-user systems and containerized GPU workloads. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with standard user account access on a shared Linux workstation runs a malicious application that invokes GPU memory allocation system calls with crafted parameters. The vulnerable Graphics DDK kernel module incorrectly grants write permissions to GPU memory regions marked read-only, allowing the attacker to modify memory-mapped kernel data structures or files shared with privileged processes. …
Remediation	Upgrade to patched Graphics DDK versions as specified in Imagination Technologies security advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all systems running Imagination Technologies Graphics DDK 1.17-25.3 RTM and isolate any handling sensitive data or running untrusted code. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-22164 HIGH This Week

7.5 Jun 08

Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or de

CVE-2026-34194 HIGH This Week

7.1 Jun 08

Local privilege escalation and integrity compromise in Imagination Technologies Graphics DDK (GPU driver) allows non-pri

CVE-2026-34195 This Week

Jun 12

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of

CVE-2026-41155 Monitor

Jun 12

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secur

CVE-2026-41157 This Week

Jun 12

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound

CVE-2026-21733 vulnerability details – vuln.today

Back

Graphics Ddk CVE-2026-21733

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code