{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21339", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-12-12T22:01:18.195Z", "datePublished": "2026-02-10T18:08:09.889Z", "dateUpdated": "2026-02-10T18:42:31.602Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Substance3D - Designer", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "15.1.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T18:08:09.889Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Substance3D - Designer | Out-of-bounds Read (CWE-125)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T18:42:20.227218Z", "id": "CVE-2026-21339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T18:42:31.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T18:42:20.227218Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T18:42:23.793Z"}}], "cna": {"title": "Substance3D - Designer | Out-of-bounds Read (CWE-125)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Substance3D - Designer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "15.1.0"}], "defaultStatus": "affected"}], "datePublic": "2026-02-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T18:08:09.889Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21339", "state": "PUBLISHED", "dateUpdated": "2026-02-10T18:42:31.602Z", "dateReserved": "2025-12-12T22:01:18.195Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-02-10T18:08:09.889Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*", "matchCriteriaId": "099B5ACB-801D-4DA7-953A-6A95AAB2225E", "versionEndExcluding": "15.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-21339", "lastModified": "2026-02-11T17:30:29.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:32.093", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.1.0]"}}], "product": "substance_3d_designer", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-17T20:33:40.164223+00:00", "value": {"mitigation_remediation": ["Update Substance3D \u2013 Designer to a version newer than 15.1.0 following the Adobe security advisory.", "As a temporary measure, restrict or quarantine the opening of unknown or untrusted files that may contain malicious content.", "Continuously monitor file access logs for anomalous file openings and block suspicious files from the system."], "summary": {"action": "Apply Patch", "impact": "Memory Exposure"}, "threat_synthesis": {"affected_systems": "Adobe Substance3D \u2013 Designer versions 15.1.0 and earlier are vulnerable. Updated versions released after 15.1.0 contain the fix.", "description_and_impact": "An out\u2011of\u2011bounds read flaw in Substance3D \u2013 Designer allows an attacker to read beyond intended memory bounds. The vulnerability can cause disclosure of sensitive data residing in memory. It stems from an improper bounds check (CWE\u2011125) and requires that a victim open a crafted file to trigger the read. The impact is the exposure of confidential information but does not directly allow remote code execution.", "risk_and_exploitability": "The CVSS base score of 5.5 indicates a moderate severity. EPSS is below 1%, suggesting the likelihood of exploitation is low. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires user interaction, so an attacker must convince a user to open a malicious file; otherwise the flaw cannot be leveraged."}}}}, "created": "2026-02-11T21:52:02.371826+00:00", "updated": "2026-04-17T20:45:25.758784+00:00", "vendors": ["adobe", "adobe$PRODUCT$substance_3d_designer"]}