Skip to content
Threat Feed
high advisory

CVE-2026-34681 - Adobe Substance3D Designer Out-of-Bounds Write Vulnerability

Adobe Substance3D Designer versions 15.1.0 and earlier are vulnerable to an out-of-bounds write, potentially leading to arbitrary code execution if a user opens a malicious file.

Adobe Substance3D Designer versions 15.1.0 and earlier contain an out-of-bounds write vulnerability (CVE-2026-34681). This vulnerability allows for arbitrary code execution in the context of the current user. The attack requires user interaction, as the victim must open a specially crafted malicious file. Successful exploitation could allow an attacker to execute arbitrary commands on the victim’s system. This vulnerability impacts systems where users routinely handle files from untrusted sources, such as downloaded assets or shared projects.

Attack Chain

  1. Attacker crafts a malicious Substance3D Designer file.
  2. Attacker distributes the malicious file to the victim via email, shared storage, or other means.
  3. The victim, unaware of the danger, opens the malicious file in Adobe Substance3D Designer (version 15.1.0 or earlier).
  4. The out-of-bounds write vulnerability is triggered during the parsing or processing of the malicious file.
  5. The attacker gains control of the application’s execution flow due to the memory corruption.
  6. The attacker injects and executes arbitrary code within the context of the current user.
  7. The attacker can then perform actions such as installing malware, stealing sensitive data, or compromising other applications.

Impact

Successful exploitation of CVE-2026-34681 can result in arbitrary code execution on the victim’s system. An attacker could leverage this to install malware, steal sensitive information, or gain persistent access. The severity of the impact depends on the user’s privileges and the sensitivity of the data accessible to the user. This vulnerability could potentially affect any user of Substance3D Designer 15.1.0 and earlier, especially those who work with files from untrusted or unknown sources.

Recommendation

  • Upgrade to a version of Adobe Substance3D Designer that addresses CVE-2026-34681.
  • Exercise caution when opening files from untrusted sources.
  • Implement the Sigma rule “Detect Suspicious Substance3D File Opening” to detect potential exploitation attempts based on process execution characteristics.
  • Monitor process creation events for Substance3D_Designer.exe spawning child processes with unusual command-line arguments.

Detection coverage 2

Detect Suspicious Substance3D File Opening

high

Detects potential exploitation of CVE-2026-34681 by monitoring for Substance3D Designer spawning suspicious child processes.

sigma tactics: execution techniques: T1059.001 sources: process_creation, windows

Detect Unusual Network Connection from Substance3D Designer

medium

Detects CVE-2026-34681 exploitation — Monitors for network connections initiated by Substance3D Designer to uncommon ports or IP addresses, indicative of potential command and control activity.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are available on the platform. Get full rules →