Skip to main content

Substance 3d Designer CVE-2026-21338

MEDIUM
NULL Pointer Dereference (CWE-476)
2026-02-10 psirt@adobe.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 10, 2026 - 18:16 nvd
MEDIUM 5.5

DescriptionCVE.org

Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Substance 3D Designer 15.1.0 and earlier contains a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service attack requires user interaction but causes service disruption with no mitigation patch currently available.

Technical ContextAI

Classified as CWE-476 (NULL Pointer Dereference). Affects Substance 3D Designer. Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-21161 HIGH
7.8 Feb 11

Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could resul

CVE-2026-21307 HIGH
7.8 Jan 13

Arbitrary code execution in Substance 3D Designer 15.0.3 and earlier results from an out-of-bounds write vulnerability t

CVE-2025-21166 HIGH
7.8 Jul 08

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2025-21165 HIGH
7.8 Jul 08

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2025-21164 HIGH
7.8 Jul 08

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result

CVE-2026-21335 HIGH
7.8 Feb 10

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that trigg

CVE-2026-21334 HIGH
7.8 Feb 10

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that r

CVE-2024-41864 HIGH
7.8 Aug 14

Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could resul

CVE-2024-20750 HIGH
7.8 Feb 15

Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a cr

CVE-2023-48639 HIGH
7.8 Dec 13

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds writ

CVE-2023-21618 HIGH
7.8 Jun 15

Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability

CVE-2023-26416 HIGH
7.8 Apr 13

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that

Share

CVE-2026-21338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy