CVE-2026-41157
Received Received - Intake
WebGPU Memory Corruption via Integer Overflow

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: imaginationtech

Description
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-13
AI Q&A
2026-06-13
EPSS Evaluated
N/A
NVD
CVE-2026-41157
EUVD
EUVD-2026-36607
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when a web page containing unusual WebGPU content is loaded into the GPU GLES render process. It can trigger an out-of-bound write in the GPU user-space driver.

The root cause is that the software calculates a required memory size based on untrusted input, but due to an integer overflow, the computed size can be smaller than actually needed.

As a result, subsequent write operations may exceed the intended memory boundary, leading to memory corruption.

Impact Analysis

The vulnerability can cause memory corruption in the GPU user-space driver.

This memory corruption may lead to instability or termination of the browser or GPU process, potentially causing crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41157. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart