University of Toronto researchers have disclosed GPUBreach, a pre-publication hardware attack chaining GDDR6 Rowhammer-style bit-flips to NVIDIA driver exploitation for full host privilege escalation, bypassing IOMMU protections. No CVE has been assigned and no NVIDIA patch is confirmed. The attack affects consumer and prosumer NVIDIA GPUs without ECC memory, including hardware widely deployed in AI/ML workloads and GPU-accelerated cloud instances (Google Cloud, AWS, Azure). Full technical details are scheduled for public release April 13, 2026. Organizations should inventory NVIDIA GPU deployments, identify non-ECC GDDR6 systems, and monitor NVIDIA security advisories; no patch action is currently available, but the pre-disclosure window warrants proactive exposure assessment.