EUVD-2026-35799
GHSA-x35f-42cm-xjh4
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted file. The flaw executes code in the context of the current user and requires victim interaction, with no public exploit identified at time of analysis and no CISA KEV listing.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Victim must open an attacker-supplied malicious file in Adobe Substance3D Sampler 6.0.0 or earlier (UI:R in the CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H reflects a local attack vector with required user interaction but no privileges, yielding a 7.8 (High) score driven by the full C/I/A impact triad. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Substance3D Sampler project or material file and delivers it via spearphishing, a compromised asset marketplace, or a shared art-pipeline drop folder. A 3D artist opens the file in Sampler 6.0.0 or earlier, the out-of-bounds write corrupts memory during parsing, and the attacker's shellcode executes with the artist's privileges - enabling data theft from the workstation or pivoting into the studio's content pipeline. … |
| Remediation | Patch available per vendor advisory APSB26-60 (https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html) - upgrade Substance3D Sampler to the version specified by Adobe in that bulletin (exact fix version not included in the input data, so confirm directly from the advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Adobe Substance3D Sampler installations and document current versions; prohibit users from opening files from untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3
Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs when a victim opens a maliciousl
Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted a
Share
External POC / Exploit Code
Leaving vuln.today