Substance 3d Modeler
CVE-2026-21298
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Substance 3D Modeler versions 1.22.4 and earlier results from an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can leverage this to execute code with the privileges of the current user, with no patch currently available to remediate the issue.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Modeler. Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
More in Substance 3d Modeler
View allSubstance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that
Arbitrary code execution in Substance 3D Modeler 1.22.4 and earlier via out-of-bounds write vulnerability when processin
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier allows disclosure of sensitive information from app
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier enables disclosure of sensitive data from process m
Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose se
Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference vulnerability that causes applicatio
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today