NULL Pointer Dereference Vulnerability in Substance3D Painter by Adobe
CVE-2026-21364

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-21364?

Substance3D Painter versions 11.1.2 and earlier have a vulnerability that allows an attacker to trigger a NULL Pointer Dereference. This issue can lead to a denial-of-service scenario as the application may crash upon processing a crafted file. Successful exploitation necessitates user interaction, as a victim must open the malicious file for the attack to take effect. The potential impact includes service disruption and an interrupted user experience, emphasizing the need for caution when handling unknown file types.

Affected Version(s)

Substance3D - Painter 0 <= 11.1.2

References

https://helpx.adobe.com/security/products/substance3d_pai...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Dec 12, 2025

CVE-2026-21364 Data

JSON