Description
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Substance3D – Sampler is vulnerable to an out‑of‑bounds write that allows an attacker to overwrite arbitrary memory locations. This flaw can lead to arbitrary code execution with the privileges of the user who opens a malicious file.

Affected Systems

Adobe’s Substance3D – Sampler versions 6.0.0 and earlier are affected. Affected installers include any release of the software before the 6.0.1 update. The vulnerability is noted by Adobe’s advisory and does not affect newer releases beyond 6.0.0.

Risk and Exploitability

The CVSS score of 7.8 indicates a high likelihood of successful exploits in a realistic scenario. While EPSS data is not available, the lack of a KEV listing suggests no mass exploitation is currently documented. The attack requires user interaction: the victim must open a crafted file. In practice, it is a local‑file, user‑initiated vector, so the risk is mitigated by restricting file handling, but it remains a high severity vulnerability.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Substance3D – Sampler to the latest available version that includes the security fix, such as 6.0.1 or later, as recommended by Adobe.
  • Configure user access controls to prevent the opening of unknown or untrusted files, for example by using file‑type restrictions or web‑mail filtering.
  • Employ application whitelisting or sandboxing techniques to ensure that even if a malicious file is opened, execution of arbitrary code is constrained.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:52:30.013Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34709

cve-icon Vulnrichment

Updated: 2026-06-09T20:52:27.072Z

cve-icon NVD

Status : Received

Published: 2026-06-09T20:16:39.633

Modified: 2026-06-09T20:16:39.633

Link: CVE-2026-34709

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses