Substance 3d Stager
CVE-2026-27274
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability that executes with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but no special permissions, making it a practical attack vector for local exploitation. No patch is currently available.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Stager. Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
More in Substance 3d Stager
View allSubstance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi
Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that execute
Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through a use-after-free memory vulnerability that tri
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier stems from a use-after-free vulnerability that execute
Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory rea
Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary
Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed fi
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today