Skip to main content

Substance 3d Modeler CVE-2026-21299

HIGH
Out-of-bounds Write (CWE-787)
2026-01-13 psirt@adobe.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 21:15 nvd
HIGH 7.8

DescriptionCVE.org

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Substance 3D Modeler 1.22.4 and earlier via out-of-bounds write vulnerability when processing malicious files. An attacker can execute code with the privileges of the user who opens a crafted file, requiring social engineering for successful exploitation. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Modeler. Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2025-43554 HIGH
7.8 May 13

Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2025-43553 HIGH
7.8 May 13

Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that

CVE-2026-21298 HIGH
7.8 Jan 13

Arbitrary code execution in Substance 3D Modeler versions 1.22.4 and earlier results from an out-of-bounds write vulnera

CVE-2024-53003 HIGH
7.8 Dec 10

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2024-53002 HIGH
7.8 Dec 10

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2024-53001 HIGH
7.8 Dec 10

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2024-53000 HIGH
7.8 Dec 10

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2024-52999 HIGH
7.8 Dec 10

Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could

CVE-2026-21303 MEDIUM
5.5 Jan 13

Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier allows disclosure of sensitive information from app

CVE-2026-21302 MEDIUM
5.5 Jan 13

Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier enables disclosure of sensitive data from process m

CVE-2026-21348 MEDIUM
5.5 Feb 10

Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose se

CVE-2026-21301 MEDIUM
5.5 Jan 13

Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference vulnerability that causes applicatio

Share

CVE-2026-21299 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy