Out-of-bounds Read Vulnerability in Blender by the Blender Foundation
CVE-2026-60103
6.8MEDIUM
What is CVE-2026-60103?
Blender versions 3.0.0 through 5.1.2 are susceptible to an out-of-bounds read vulnerability, which can be exploited by attackers through the use of a specially crafted .blend file. This file manipulates the member_index field within the SDNA block. The flaw arises from a lack of bounds validation in the sdna_expand_names() function, allowing an unverified index to access the sdna->members[] array. Consequently, this can lead to a crash due to invalid pointer dereferencing and potential disclosure of sensitive heap memory.
Affected Version(s)
blender 3.0.0 <= 5.1.2
blender 3.0.0 <= 5.1.2
blender 968972a918b5ed2d534295b639c54449d7de11cd
