Description
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write vulnerability exists in Substance3D – Designer versions 15.1.0 and earlier, allowing an attacker to corrupt memory and ultimately execute arbitrary code with the privileges of the user running the application. The flaw resides in how the program processes certain user‑supplied data and can be triggered by a malicious file that the user opens.

Affected Systems

Adobe’s Substance3D – Designer product, affecting all installations at version 15.1.0 and earlier.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and while EPSS data is not available, the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to open a malicious file, making user interaction a prerequisite. Attackers can gain code execution only in the context of the current user; however, this still permits installation of malware, data theft, or other malicious actions that benefit the attacker. Consequently, the risk is moderate but non‑negligible, especially in environments where users frequently handle untrusted files.

Generated by OpenCVE AI on May 12, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe patch or upgrade Substance3D – Designer to a version newer than 15.1.0
  • Restrict or disable opening of susceptible file types (e.g., refuse to open .sbs files from untrusted sources)
  • Educate users on the risks of opening unknown files and enforce strict handling policies

Generated by OpenCVE AI on May 12, 2026 at 20:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Substance3D - Designer | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-13T03:58:33.667Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T19:16:31.603

Modified: 2026-05-12T19:16:31.603

Link: CVE-2026-34683

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:45:23Z

Weaknesses