Cyber Resilience

CVE-2026-22166

Severity: High (updated)
Published: 01 May 2026
Modified: 01 June 2026
CISA KEV: not listed
CVSS v3.1 base score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS score: 0.0035 (26.6th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-22166 is a high-severity Use After Free (CWE-416) vulnerability in Imaginationtech Ddk. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 26.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22166 is a use-after-free (UAF) vulnerability (CWE-416) with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). It affects the GPU GLES user-space shared library in Imagination Technologies GPU drivers. The issue arises when a web page loads unusual WebGPU content into the GPU GLES render process, triggering a write UAF crash.

An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity and no user interaction required; the trigger is WebGPU content delivered from a web page into the GPU GLES render process. Successful exploitation is scored with high integrity (I:H) and availability (A:H) impact and no confidentiality impact (C:N): the immediate effect is a write-after-free that crashes the render process, and on platforms where the process executing the graphics workload runs with system privileges, a controlled write into freed memory could be the first step in further system-level exploitation.
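The following C sketch is an added illustration, not code from the original page, from the Imagination DDK, or from any browser. It shows the object-lifetime pattern CWE-416 describes in a user-space resource library and one hardening that closes it: object handles that carry a generation counter, so a client that keeps using a handle after the object was destroyed is rejected instead of writing into freed or reused memory. The buffer structure, handle encoding, table size and the scenario are assumptions chosen for illustration; nothing here reproduces the actual DDK flaw.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative "GPU buffer" object. The layout is assumed for this example and
 * is not the Imagination DDK's own data structure. */
typedef struct {
    uint8_t *data;        /* NULL while the slot is free */
    size_t   size;
    uint16_t generation;  /* incremented on every destroy */
} gpu_buffer;

#define MAX_BUFFERS 4
#define BAD_HANDLE  0xFFFFFFFFu
typedef uint32_t buf_handle;   /* slot index in the low 16 bits, generation in the high 16 */

static gpu_buffer g_table[MAX_BUFFERS];

/* Free everything and zero the table (used between scenarios). */
void buf_table_reset(void) {
    for (int i = 0; i < MAX_BUFFERS; i++) { free(g_table[i].data); g_table[i].data = NULL; }
    memset(g_table, 0, sizeof g_table);
}

buf_handle buf_create(size_t size) {
    for (uint16_t i = 0; i < MAX_BUFFERS; i++) {
        if (g_table[i].data == NULL) {
            g_table[i].data = calloc(size ? size : 1, 1);
            if (!g_table[i].data) return BAD_HANDLE;
            g_table[i].size = size;
            return ((uint32_t)g_table[i].generation << 16) | i;
        }
    }
    return BAD_HANDLE;
}

/* BEFORE: an index-only lookup. Once a slot is destroyed and reused, a stale
 * handle resolves to whatever object now occupies the slot, or to the freed
 * allocation if it has not been reused: the write-after-free pattern. */
gpu_buffer *buf_lookup_index_only(buf_handle h) {
    uint16_t slot = (uint16_t)(h & 0xFFFF);
    if (h == BAD_HANDLE || slot >= MAX_BUFFERS) return NULL;
    return &g_table[slot];
}

/* AFTER: the lookup also requires the slot to be live and the generation to match. */
gpu_buffer *buf_lookup(buf_handle h) {
    uint16_t slot = (uint16_t)(h & 0xFFFF), gen = (uint16_t)(h >> 16);
    if (h == BAD_HANDLE || slot >= MAX_BUFFERS) return NULL;
    gpu_buffer *b = &g_table[slot];
    if (b->data == NULL || b->generation != gen) return NULL;
    return b;
}

/* Bounds-checked write through a validated handle: 0 on success, -1 if the
 * handle is stale/invalid or the range is out of bounds. */
int buf_write(buf_handle h, size_t off, const void *src, size_t n) {
    gpu_buffer *b = buf_lookup(h);
    if (!b || off > b->size || n > b->size - off) return -1;
    memcpy(b->data + off, src, n);
    return 0;
}

int buf_destroy(buf_handle h) {
    gpu_buffer *b = buf_lookup(h);
    if (!b) return -1;            /* a second destroy is rejected, not a double free */
    free(b->data);
    b->data = NULL;
    b->size = 0;
    b->generation++;              /* every outstanding handle to this slot is now stale */
    return 0;
}

/* Scenario: a client keeps handle A, destroys it, and a new object B lands in
 * the same slot. Returns 1 if the index-only lookup silently aliases A onto B
 * while the validated lookup rejects the stale handle and B still works. */
int stale_handle_scenario(void) {
    buf_table_reset();
    buf_handle a = buf_create(64);
    buf_destroy(a);
    buf_handle b = buf_create(64);                       /* reuses slot 0 with generation 1 */
    int aliased  = buf_lookup_index_only(a) == buf_lookup(b);   /* BEFORE: stale A -> B's memory */
    int rejected = buf_lookup(a) == NULL && buf_write(a, 0, "x", 1) == -1;
    int b_ok     = buf_write(b, 0, "x", 1) == 0;
    buf_table_reset();
    return aliased && rejected && b_ok;
}

int main(void) {
    printf("stale handle rejected by generation check: %s\n",
           stale_handle_scenario() ? "yes" : "no");
    return 0;
}
```

The generation check turns a silent memory-safety violation into a recoverable error return, which is the property a renderer that accepts untrusted WebGPU work needs: a malicious page may drive any sequence of create/destroy/use calls, so the library, not the client, has to decide whether a handle is still valid.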

Imagination Technologies has published details on GPU driver vulnerabilities, including this CVE, at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which security practitioners should consult for mitigation guidance and patches.


Vulnerability details

A web page that contains unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing the graphics workload has system privileges, this could enable a subsequent exploit on the system.

CWE(s)

CWE-416: Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

UAF in GPU GLES/WebGPU render path enables client-side exploitation (T1203) and potential privilege escalation to system level on privileged graphics processes (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22165 · Same product: Imaginationtech Ddk
CVE-2025-10865 · Same product: Imaginationtech Ddk
CVE-2025-13952 · Same product: Imaginationtech Ddk
CVE-2025-58411 · Same product: Imaginationtech Ddk
CVE-2026-22167 · Same product: Imaginationtech Ddk
CVE-2026-22163 · Same product: Imaginationtech Ddk
CVE-2026-21732 · Same product: Imaginationtech Ddk
CVE-2025-25176 · Same product: Imaginationtech Ddk
CVE-2026-47310 · Shared CWE-416
CVE-2026-9901 · Shared CWE-416

Affected Assets

Vendor: imaginationtech
Product: ddk
Versions: 25.3 and ≤ 25.2

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly remediates the use-after-free flaw in the Imagination Technologies GPU GLES user-space shared library by identifying, testing, and applying patches.

SI-16 Memory Protection (prevent)

Implements memory protection mechanisms such as ASLR, DEP, and stack canaries to prevent exploitation of the write UAF crash in the GPU library.

Process isolation (prevent)

Isolates the GPU GLES render process to restrict unauthorized access and limit privilege escalation potential when the process executes with system privileges on affected platforms.
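A practitioner applying the SI-16 control will want to confirm that the shipped GLES user-space shared library, and the executable that hosts it, were actually built with the protections the control names. The C program below is an added example, not the page's or Imagination's code: it parses the ELF64 headers and reports whether the file is ET_DYN (a PIE executable or shared object, which is what lets ASLR relocate the image), whether its PT_GNU_STACK segment is non-executable (the ELF-level signal for DEP/NX on the stack; a missing PT_GNU_STACK means Linux defaults to an executable stack), and whether a PT_GNU_RELRO segment is present. Stack canaries are compile-time instrumentation and cannot be read from the headers, so they are not checked. A shared object is always ET_DYN, so that field matters for the host executable. The library path is site-specific and is passed on the command line; the synthetic image built by build_sample_elf is constructed only so the parser can be exercised offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal ELF64 definitions with the same layout as <elf.h>, kept local so the
 * file is self-contained. A little-endian host is assumed. */
#define ELF_CLASS64    2
#define ELF_DATA_LSB   1
#define ET_EXEC_       2
#define ET_DYN_        3
#define PT_GNU_STACK_  0x6474e551u
#define PT_GNU_RELRO_  0x6474e552u
#define PF_X_          1u

typedef struct {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;                                  /* 64 bytes */
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;                                  /* 56 bytes */

typedef struct { int is_dyn, nx_stack, relro; } hardening;

/* Inspect an in-memory ELF64 image. Returns 0 on success, -1 if the image is
 * not a well-formed little-endian ELF64 file. */
int elf_hardening_check(const uint8_t *img, size_t len, hardening *out) {
    ehdr64 eh;
    if (len < sizeof eh || memcmp(img, "\177ELF", 4) != 0) return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_ident[4] != ELF_CLASS64 || eh.e_ident[5] != ELF_DATA_LSB) return -1;
    if (eh.e_phentsize != sizeof(phdr64)) return -1;
    if (eh.e_phoff > len || (size_t)eh.e_phnum * sizeof(phdr64) > len - eh.e_phoff) return -1;

    out->is_dyn   = (eh.e_type == ET_DYN_);   /* PIE executable or shared object */
    out->nx_stack = 0;                        /* no PT_GNU_STACK: Linux defaults to an executable stack */
    out->relro    = 0;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK_) out->nx_stack = !(ph.p_flags & PF_X_);
        if (ph.p_type == PT_GNU_RELRO_) out->relro = 1;
    }
    return 0;
}

/* Read a whole file and run the check. Intended for the real GLES user-space
 * .so and its host executable; the path is site-specific. */
int elf_hardening_check_file(const char *path, hardening *out) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    fseek(f, 0, SEEK_END);
    long n = ftell(f);
    rewind(f);
    if (n <= 0) { fclose(f); return -1; }
    uint8_t *buf = malloc((size_t)n);
    size_t got = buf ? fread(buf, 1, (size_t)n, f) : 0;
    fclose(f);
    int rc = (buf && got == (size_t)n) ? elf_hardening_check(buf, got, out) : -1;
    free(buf);
    return rc;
}

/* Constructed sample: writes a synthetic ELF64 header plus one or two program
 * headers into `buf` (at least 64 + 2*56 bytes). It is not a loadable binary,
 * just enough structure to exercise the parser offline. Returns the length. */
size_t build_sample_elf(uint8_t *buf, int exec_stack, int with_relro, int dyn) {
    ehdr64 eh; phdr64 ph[2];
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\177ELF", 4);
    eh.e_ident[4] = ELF_CLASS64; eh.e_ident[5] = ELF_DATA_LSB; eh.e_ident[6] = 1;
    eh.e_type = dyn ? ET_DYN_ : ET_EXEC_; eh.e_machine = 62; eh.e_version = 1;   /* 62 = x86-64 */
    eh.e_ehsize = sizeof eh; eh.e_phentsize = sizeof(phdr64);
    eh.e_phoff = sizeof eh; eh.e_phnum = with_relro ? 2 : 1;
    ph[0].p_type = PT_GNU_STACK_; ph[0].p_flags = 6u | (exec_stack ? PF_X_ : 0);  /* R|W (|X) */
    ph[1].p_type = PT_GNU_RELRO_; ph[1].p_flags = 4u;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, (size_t)eh.e_phnum * sizeof(phdr64));
    return sizeof eh + (size_t)eh.e_phnum * sizeof(phdr64);
}

/* Returns 1 if a sample with the given properties is reported as fully
 * hardened (ET_DYN, NX stack, RELRO), 0 if not, -1 if the parser rejects it. */
int sample_is_hardened(int exec_stack, int with_relro, int dyn) {
    uint8_t buf[64 + 2 * 56];
    hardening h;
    size_t n = build_sample_elf(buf, exec_stack, with_relro, dyn);
    if (elf_hardening_check(buf, n, &h) != 0) return -1;
    return h.is_dyn && h.nx_stack && h.relro;
}

int main(int argc, char **argv) {
    hardening h;
    if (argc > 1 && elf_hardening_check_file(argv[1], &h) == 0)
        printf("%s: ET_DYN=%d NX-stack=%d RELRO=%d\n", argv[1], h.is_dyn, h.nx_stack, h.relro);
    printf("synthetic hardened sample: %d, executable-stack sample: %d\n",
           sample_is_hardened(0, 1, 1), sample_is_hardened(1, 1, 1));
    return 0;
}
```

Run it against the GLES library and against the process binary that loads it; a non-executable stack and RELRO on the library do not help if the host executable is not PIE, because a fixed image gives an attacker with a controlled write a stable target for the "subsequent exploit" the advisory warns about.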

References

Imagination Technologies, GPU driver vulnerabilities: https://www.imaginationtech.com/gpu-driver-vulnerabilities/