CVE-2026-48306 – Adobe Substance3D – Sampler
CVSS 7.8
IMPORTANT
High with EoP or RCE – Expedited Deployment
“A crafted 3D asset can turn a creative workflow into a code execution risk.”
Adobe patched four High severity vulnerabilities in Substance3D – Sampler versions 6.0.0 and earlier. CVE-2026-34709, CVE-2026-34710, CVE-2026-48305, and CVE-2026-48306 each have a CVSS score of 7.8, which is High severity.
The vulnerabilities are out-of-bounds write issues that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Adobe Substance 3d Sampler
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-787
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.