Description
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Substance3D – Sampler is vulnerable to an out‑of‑bounds write (CWE-787), in which data is written outside the bounds of the intended buffer. This flaw can lead to arbitrary code execution with the privileges of the user who opens a malicious file.

Affected Systems

Adobe’s Substance3D – Sampler versions 6.0.0 and earlier are affected, that is, any release before the 6.0.1 update. The vulnerability is noted in Adobe’s advisory and does not affect releases newer than 6.0.0.

Risk and Exploitability

The CVSS score of 7.8 rates this as a high‑severity issue; the vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a local, low‑complexity attack that needs no privileges. While EPSS data is not available, the lack of a KEV listing suggests no mass exploitation is currently documented. The attack requires user interaction: the victim must open a crafted file. In practice, it is a local‑file, user‑initiated vector, so the risk can be reduced by restricting file handling, but it remains a high‑severity vulnerability.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Substance3D – Sampler to the latest available version that includes the security fix, such as 6.0.1 or later, as recommended by Adobe.
  • Configure user access controls to prevent the opening of unknown or untrusted files, for example by using file‑type restrictions or web‑mail filtering.
  • Employ application whitelisting or sandboxing techniques to ensure that even if a malicious file is opened, execution of arbitrary code is constrained.

Generated by OpenCVE AI on June 9, 2026 at 22:05 UTC.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 13:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:adobe:substance_3d_sampler:*:*:*:*:*:*:*:*

Wed, 10 Jun 2026 11:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe; Adobe substance 3d Sampler
Vendors & Products | | Adobe; Adobe substance 3d Sampler

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:52:30.013Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34709

Vulnrichment

Updated: 2026-06-09T20:52:27.072Z

NVD

Status: Analyzed

Published: 2026-06-09T20:16:39.633

Modified: 2026-06-11T13:05:34.603

Link: CVE-2026-34709

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T11:00:14Z

Weaknesses