CVE-2026-48306 – Adobe Substance3D – Sampler

CVSS 7.8 IMPORTANT High with EoP or RCE – Expedited Deployment

“A crafted 3D asset can turn a creative workflow into a code execution risk.”

Adobe patched four High severity vulnerabilities in Substance3D – Sampler versions 6.0.0 and earlier. CVE-2026-34709, CVE-2026-34710, CVE-2026-48305, and CVE-2026-48306 each have a CVSS score of 7.8, which is High severity.

The vulnerabilities are out-of-bounds write issues that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Adobe Substance 3d Sampler
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-787
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.