What is the CVSS score of CVE-2026-22166?

CVE-2026-22166 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Imagination Graphics DDK are affected by CVE-2026-22166?

CVE-2026-22166 is a use-after-free vulnerability in Imagination Graphics DDK GPU libraries that allows authenticated remote attackers to crash GPU rendering processes through malicious WebGPU…

Imagination Graphics DDK CVE-2026-22166

EUVD-2026-26663 HIGH

Use After Free (CWE-416)

2026-05-01 367425dc-4d06-4041-9650-c2dc6aaa27ce

Denial Of Service Use After Free Memory Corruption

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

May 01, 2026 - 20:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 01, 2026 - 20:22 vuln.today

cvss_changed

Severity Changed

May 01, 2026 - 20:22 NVD

CRITICAL HIGH

CVSS changed

May 01, 2026 - 20:22 NVD

9.6 (CRITICAL) 8.1 (HIGH)

Analysis Generated

May 01, 2026 - 19:00 vuln.today

CVSS changed

May 01, 2026 - 18:22 NVD

9.6 (CRITICAL)

EUVD ID Assigned

May 01, 2026 - 16:22 euvd

EUVD-2026-26663

Analysis Generated

May 01, 2026 - 16:22 vuln.today

CVE Published

May 01, 2026 - 16:16 nvd

HIGH 8.1

DescriptionNVD

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.

AnalysisAI

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. …

RemediationAI

Within 24 hours: Identify all systems running Imagination Graphics DDK versions 1.18, 23.2, 24.1, 24.2, 25.1, 25.2, or 25.3; audit which systems expose WebGPU capabilities to untrusted users or networks. Within 7 days: Implement network-level restrictions to limit WebGPU content delivery from untrusted sources; disable WebGPU APIs where operationally feasible; document GPU process privilege levels on affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-22166 vulnerability details – vuln.today

Back