Description
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write flaw exists in Substance3D Sampler versions 6.0.0 and earlier. The vulnerability can be triggered by opening a specially crafted file, resulting in arbitrary code execution running with the privileges of the user who opens the file. This flaw is a classic CWE‑787 pointer corruption, giving an attacker the means to compromise confidentiality, integrity, and availability of the affected system.

Affected Systems

The Adobe Substance3D Sampler product is affected. All releases up to and including version 6.0.0 are vulnerable; later versions are presumed fixed but the exact version boundaries are not listed in the data provided.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, and although the EPSS score is not available, the lack of a KEV listing suggests no widespread exploitation has been observed yet. Exploitation requires user interaction—specifically, the victim must open a malicious file with Substance3D Sampler. Consequently the attack vector is inferred to be local; an attacker can deliver the file via social engineering, email attachments, or other mechanisms that prompt the user to open it. Given the potential for arbitrary code execution, the risk to affected systems remains elevated until a patch is applied.

Generated by OpenCVE AI on June 9, 2026 at 22:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest available patch for Adobe Substance3D Sampler.
  • Avoid opening untrusted or unknown files with Substance3D Sampler.
  • Consider disabling automatic file associations for Substance3D Sampler to reduce accidental execution of malicious files.

Generated by OpenCVE AI on June 9, 2026 at 22:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:40:51.852Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34710

cve-icon Vulnrichment

Updated: 2026-06-09T19:40:47.344Z

cve-icon NVD

Status : Received

Published: 2026-06-09T20:16:39.770

Modified: 2026-06-09T20:16:39.770

Link: CVE-2026-34710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses