Out-of-Bounds Read Vulnerability in Substance3D Painter by Adobe
CVE-2026-21365

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-21365?

Substance3D Painter versions 11.1.2 and earlier contain an out-of-bounds read vulnerability that can lead to the exposure of sensitive information stored in memory. This vulnerability requires user interaction, as attackers can exploit it by compelling victims to open specially crafted malicious files. Users should ensure they update to secure versions to safeguard against potential data leaks.

Affected Version(s)

Substance3D - Painter 0 <= 11.1.2

References

https://helpx.adobe.com/security/products/substance3d_pai...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Dec 12, 2025

CVE-2026-21365 Data

JSON