HIGH | CVE-2026-34710 | Published | Modified | CNA: adobe

CVE-2026-34710: Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Metrics

  • CVSS v3.1: 7.8
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1

HarborGuard Analysis

Synopsis

Out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 6.0.0 and earlier). The vulnerability is triggered locally and requires no authentication, but does require a victim to open a specially crafted malicious file. Successful exploitation gives an attacker arbitrary code execution running as the current user. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as Adobe publishes a fix.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Substance3D - Sampler.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at CVSS 7.8 (High) and weighting it against each environment's compliance policy, then routing the finding to the appropriate team inbox within the customer organization.

Status: Available

Patch

No upstream fix version has been published yet. HarborGuard re-checks the Adobe advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix version is released by the vendor.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attack vector is local (AV:L): the vulnerability is triggered on the host when the crafted file is opened, and no over-the-network access is required.

  • Authentication: Not required

    No account or credentials are needed to exploit this vulnerability; the attack is carried out through a malicious file without any authentication step.

  • Victim interaction: Required

    A victim must be socially engineered into opening a malicious file for the exploit to trigger.

  • Attack complexity: Detail

    The exploit is reliable and condition-free once the victim opens the crafted file; no race conditions or specific memory layout dependencies are required.

Blast Radius

  • The attacker executes arbitrary code in the context of the current user, gaining full control of the Substance3D - Sampler process.
  • All files, credentials, and session tokens accessible to that user account are readable by the attacker.
  • The attacker can write or modify any files the current user has permission to change, including configuration files and stored project assets.
  • The affected application and any dependent services can be crashed or made unresponsive at the attacker's discretion.

How HarborGuard Handles This

Available on HarborGuard: detection is active for images containing Substance3D - Sampler at or below version 6.0.0, with findings scored at CVSS 7.8 (High) and routed per each environment's compliance policy. Because Adobe has not yet published a fix version, no patched rebuild is available at this time. HarborGuard monitors the Adobe advisory on every ingest cycle and will generate a patched-image rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads as soon as an upstream fix is published. In the interim, compensating controls worth considering include network-policy isolation to limit the attack surface of hosts running Sampler, restricting file-open operations to trusted sources via egress filtering or file-type policies, and disabling Sampler in pipelines where its use is not strictly required until a patch is available.

Affected packages
  • Adobe / Substance3D - Sampler: ≤ 6.0.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H