What is the CVSS score of CVE-2026-34709?

CVE-2026-34709 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Substance3D Sampler are affected by CVE-2026-34709?

Adobe Substance3D Sampler 6.0.0 and earlier contains an arbitrary code execution vulnerability triggered by opening maliciously crafted 3D asset files, creating targeted social engineering risk…

How to fix or mitigate CVE-2026-34709?

Within 24 hours: Distribute security advisory to all Substance3D Sampler users on versions 6.0.0 and earlier; prohibit opening files from external or untrusted sources; disable file-sharing integrations where feasible. Within 7 days: Implement user training on social engineering and file source verification; enable endpoint logging for Substance3D Sampler process execution; establish a formal patching timeline with Adobe. Within 30 days: Monitor Adobe security advisories for patch releases; evaluate upgrade readiness to any patched version when available; conduct forensic audit of file access logs for compromise indicators on affected systems.

Substance3D Sampler CVE-2026-34709

EUVD-2026-35797 HIGH

Out-of-bounds Write (CWE-787)

2026-06-09 adobe

GHSA-rf65-6wmx-8w67

Memory Corruption Buffer Overflow RCE Substance3D Sampler

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 20:08 vuln.today

DescriptionNVD

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3D asset file, triggering an out-of-bounds write that runs attacker code with the current user's privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the local attack vector combined with high impact and required user interaction makes this a classic targeted-phishing/social-engineering risk against artists and 3D designers.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious Substance3D file

Delivery

Deliver via email or asset marketplace

Exploit

Victim opens file in Sampler

Execution

Trigger out-of-bounds write in parser

Persist

Hijack execution as current user

Impact

Install payload and steal credentials

Access

Craft malicious Substance3D file

Delivery

Deliver via email or asset marketplace

Exploit

Victim opens file in Sampler

Execution

Trigger out-of-bounds write in parser

Persist

Hijack execution as current user

Impact

Install payload and steal credentials

Vulnerability AssessmentAI

Exploitation	Exploitation requires (1) the victim to be running Adobe Substance3D Sampler version 6.0.0 or earlier locally, and (2) the victim to actively open an attacker-supplied malicious file in Sampler - the CVSS vector AV:L/UI:R confirms both local execution context and required user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields a 7.8 (High) and accurately reflects the threat model: the attacker needs no privileges but does need the victim to open a malicious file locally, after which all three impact dimensions are fully compromised. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker crafts a malicious Substance3D Sampler project, material, or scan file and delivers it via email, a compromised asset marketplace, a fake client brief, or a shared cloud folder. When the targeted artist double-clicks the file or opens it from within Sampler, the parser performs an out-of-bounds write that hijacks execution, and the attacker's code runs in the user's session - installing a stager, stealing browser/Adobe credentials, or pivoting into corporate VPN-connected resources.
Remediation	Patch available per vendor advisory: upgrade Substance3D Sampler to the fixed version listed in Adobe security bulletin APSB26-60 (https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html) - the bulletin should be consulted directly for the exact fixed build, which was not enumerated in the input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Distribute security advisory to all Substance3D Sampler users on versions 6.0.0 and earlier; prohibit opening files from external or untrusted sources; disable file-sharing integrations where feasible. …

Threat intelligence, references, and detailed analysis are available after sign-in.