Out-of-Bounds Write Vulnerability in Substance3D Sampler by Adobe
CVE-2026-48305

7.8HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-48305?

The Substance3D Sampler application provided by Adobe is vulnerable to an out-of-bounds write issue, allowing for potential arbitrary code execution by attackers. This vulnerability affects versions 6.0.0 and earlier and necessitates user interaction, as exploitation requires the victim to open specially crafted files designed to trigger the flaw. Ensuring that users are aware of this risk and encouraging updates to newer versions can mitigate the threat posed by this vulnerability.

Affected Version(s)

Substance3D - Sampler 0 <= 6.0.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.