PT-2026-24395 · Adobe · Substance3D - Stager

Jann Horn

·

Published

2026-03-10

·

Updated

2026-03-11

·

CVE-2026-27279

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.7 and earlier
Description Substance3D - Stager versions 3.1.7 and earlier are susceptible to an out-of-bounds write issue. Successful exploitation of this issue could lead to arbitrary code execution with the privileges of the current user. User interaction is required, specifically a victim must open a malicious file for exploitation to occur.
Recommendations Versions prior to 3.1.7 should be updated.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-03025
CVE-2026-27279

Affected Products

Substance3D - Stager