Skip to main content

Substance 3d Sampler CVE-2026-21306

HIGH
Out-of-bounds Write (CWE-787)
2026-01-13 psirt@adobe.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 20:16 nvd
HIGH 7.8

DescriptionCVE.org

Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Substance 3D Sampler 5.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute commands with the privileges of the current user on the affected system. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Sampler. Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2025-43588 HIGH
7.8 Jun 10

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

CVE-2025-43581 HIGH
7.8 Jun 10

CVE-2025-43581 is an out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 5.0 and earlier) that en

CVE-2024-52996 HIGH
7.8 Dec 10

Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could r

CVE-2024-52995 HIGH
7.8 Dec 10

Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could r

CVE-2024-52994 HIGH
7.8 Dec 10

Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2023-48630 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2023-48629 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2023-48628 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2023-48627 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2023-48626 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2023-48625 HIGH
7.8 Dec 13

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could re

CVE-2024-47459 MEDIUM
5.5 Oct 17

Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead

Share

CVE-2026-21306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy