NULL Pointer Dereference in Substance3D Painter by Adobe
CVE-2026-21363

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-21363?

Substance3D Painter versions 11.1.2 and earlier are susceptible to a NULL Pointer Dereference vulnerability. This flaw can potentially be exploited by attackers to trigger an application denial-of-service (DoS), resulting in service disruptions. The exploitation necessitates user interaction, as a victim must open a specifically crafted, malicious file for the attack to succeed. It is crucial for users of affected versions to remain vigilant and update their software to mitigate risks associated with this vulnerability.

Affected Version(s)

Substance3D - Painter 0 <= 11.1.2

References

https://helpx.adobe.com/security/products/substance3d_pai...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Dec 12, 2025

CVE-2026-21363 Data

JSON