216.73.216.233

CVE-2026-41157

· Published 13/06/2026 00:16 · Modified 12/06/2026 22:16 · Author: The MITRE Corporation

Labels: CVE-2026-41157 2026-06-12367425dc-4d06-4041-9650-c2dc6aaa27ceCVE-2026-41157CWE-787

Essential information

Published
13/06/2026 00:16
Modified
12/06/2026 22:16
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CWE-787
EPSS (First)
P4.5% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00150)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
367425dc-4d06-4041-9650-c2dc6aaa27ce
NVD
View on NVD

Affected products (CPE)

ProductCPE
gpu / gpu user space driver cpe:2.3:a:gpu:gpu_user_space_driver:*:*:*:*:*:*:*:*
web browser / browser cpe:2.3:a:web_browser:browser:*:*:*:*:*:*:*:*

References