Severity: HIGH | CVE-2026-34709 | CNA: adobe

CVE-2026-34709: Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Metrics

  • CVSS v3.1: 7.8
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 1

HarborGuard Analysis

Synopsis

An out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 6.0.0 and earlier) allows an attacker to corrupt memory by convincing a victim to open a specially crafted file. The attack vector is local and requires no authentication, but the target user must open a malicious file. Successful exploitation gives the attacker arbitrary code execution running as the current user. No fix has been published yet; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images and pipeline artifacts, including custom-built images that bundle Substance3D - Sampler at an affected version.

Status: Available

Triage

HarborGuard can score this CVE at its published CVSS 3.1 severity of 7.8 (HIGH) and weight that score against each customer environment's compliance policy; alerts are routed to the appropriate team inbox within the customer org based on those policy settings.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment Adobe ships a corrected release. In the interim, compensating controls such as network-policy isolation and restricting file-open workflows in affected container workloads can be applied through HarborGuard policy rules.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attack vector is local (AV:L), so the attacker needs an existing shell or process on the host rather than any network path to the service.

  • Authentication: Not required

    No credentials or account privileges are needed (PR:N); the attacker only needs to deliver a malicious file to the target.

  • Victim interaction: Required

    The victim must open a malicious file (UI:R), making a social-engineering or phishing step necessary to trigger the vulnerability.

  • Attack complexity: Low

    Attack complexity is low (AC:L), meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental factors.

Blast Radius

  • A successful attacker executes arbitrary code in the context of the current user, gaining full control over that process.
  • The attacker can read any files and secrets accessible to the current user account, including application credentials and local data stores.
  • The attacker can modify or delete files and configuration data within the user's permissions scope.
  • The affected application process can be crashed or held hostage, disrupting any dependent workflows running under that user context.

How HarborGuard Handles This

Available on HarborGuard: because no fix version has been published by Adobe, HarborGuard continuously re-checks the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment an upstream fix is released. For customers who opt into auto-remediation, that rebuild will trigger a regression test run and open a PR against affected workloads without manual intervention. While the vulnerability remains unpatched, HarborGuard's policy engine can flag or block promotion of images containing Substance3D - Sampler at or below version 6.0.0, and network-policy isolation rules can be applied to restrict file-ingestion pathways in container workloads that bundle the affected software. Where compliance policy permits, customers can also gate file-open capabilities at the container level as a compensating control until Adobe publishes a patch.

Affected packages

  • Adobe / Substance3D - Sampler: ≤ 6.0.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H