CVE-2026-41157

June 12, 2026, 10:16 p.m.

None
No Score

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Product(s) Impacted

Vendor Product Versions
Gpu
  • Gpu User Space Driver
  • *
Web Browser
  • Browser
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a gpu gpu_user_space_driver / / / / / / / /
a web_browser browser / / / / / / / /

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Tags

CWE-787
367425dc-4d06-4041-9650-c2dc6aaa27ce
2026-06-12
CVE-2026-41157

Timeline

Published: June 12, 2026, 10:16 p.m.
Last Modified: June 12, 2026, 10:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

367425dc-4d06-4041-9650-c2dc6aaa27ce

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.