CVE-2026-20754 MEDIUM

CVE-2026-20754

Vendor N/A

Product Intel(R) NPU Drivers

Weakness CWE-754

Published May 12, 2026

Last update May 12, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Key dates

02Disclosure timeline

May 12, 2026 CVE published

May 12, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-20754 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/754.html

Related vulnerabilities

CVE-2026-20754

01Description

02Disclosure timeline

03References

04Related CVE