Description
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an out-of-bounds write that can lead to arbitrary code execution in the context of the user who opens a malicious file. The weakness is a classic bounds-checking failure (CWE‑787). An attacker must supply a specially crafted file that the user opens to trigger the exploit, giving the attacker execution privileges as the current Windows user.

Affected Systems

Adobe Substance3D Sampler versions 6.0.0 and earlier are vulnerable. No other vendors or versions are listed.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high severity. The EPSS score is not available, so the exact likelihood of exploitation is unknown, but the vulnerability is listed in CISA KEV as not present, implying no known active exploitation. The attack vector requires user interaction (file opening) and is local. If an attacker succeeds, they could execute arbitrary code as the logged‑in user, impacting confidentiality, integrity, and availability of the system.

Generated by OpenCVE AI on June 9, 2026 at 21:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Substance3D Sampler to a version newer than 6.0.0, which contains the fix for the out‑of‑bounds write.
  • Avoid opening or executing untrusted or suspicious files with Substance3D Sampler.
  • If an update cannot be applied immediately, run Substance3D Sampler in a sandboxed or virtualized environment to limit potential damage.

Generated by OpenCVE AI on June 9, 2026 at 21:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe substance 3d Sampler
Vendors & Products Adobe
Adobe substance 3d Sampler

Wed, 10 Jun 2026 10:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Substance 3d Sampler
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-10T10:07:57.605Z

Reserved: 2026-05-21T15:28:38.136Z

Link: CVE-2026-48305

cve-icon Vulnrichment

Updated: 2026-06-10T10:07:52.491Z

cve-icon NVD

Status : Received

Published: 2026-06-09T20:17:01.597

Modified: 2026-06-09T20:17:01.597

Link: CVE-2026-48305

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T11:00:14Z

Weaknesses