Skip to main content

Substance 3d Stager CVE-2026-27275

HIGH
Out-of-bounds Write (CWE-787)
2026-03-10 psirt@adobe.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 19:17 nvd
HIGH 7.8

DescriptionCVE.org

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. An attacker can achieve code execution with user privileges by crafting a weaponized file and socially engineering a victim into opening it. No patch is currently available for this high-severity vulnerability.

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Stager. Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2025-43571 HIGH
7.8 May 13

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi

CVE-2025-43549 HIGH
7.8 May 13

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi

CVE-2026-21287 HIGH
7.8 Jan 13

Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that execute

CVE-2026-21341 HIGH
7.8 Feb 10

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local

CVE-2026-27277 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through a use-after-free memory vulnerability that tri

CVE-2026-27276 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier stems from a use-after-free vulnerability that execute

CVE-2026-21345 HIGH
7.8 Feb 10

Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory rea

CVE-2026-21344 HIGH
7.8 Feb 10

Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary

CVE-2026-21343 HIGH
7.8 Feb 10

Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed fi

CVE-2026-27279 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered

CVE-2026-27274 HIGH
7.8 Mar 10

Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability tha

CVE-2026-27273 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered

Share

CVE-2026-27275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy