Multiple Vulnerabilities Discovered in Substance3D Software

Multiple Vulnerabilities Discovered in Substance3D Software

First seen 12 Mar 2026, 03:15 UTC Nvd.Nistnvd.nist.govApi.Msrc.Microsoftcwe.mitre.orgwww.dell.com+3 83% similarity 51.9

Article Content

Browse articles
ThreatCluster

On March 10, 2026, three critical vulnerabilities were published affecting Substance3D software. CVE-2026-21365 and CVE-2026-27219 both impact Substance3D - Painter versions 11.1.2 and earlier, exposing users to out-of-bounds read vulnerabilities that could lead to memory exposure. Exploitation of these vulnerabilities requires user interaction, specifically opening a malicious file. Additionally, CVE-2026-27276 affects Substance3D - Stager versions 3.1.7 and earlier, presenting a Use After Free vulnerability that could allow arbitrary code execution. All vulnerabilities necessitate user action for exploitation, highlighting the need for caution among users. The vulnerabilities were reported by NVD on March 11, 2026, prompting immediate attention from security professionals. Users are advised to remain vigilant and avoid opening suspicious files until patches are made available.

Key Points: • Three vulnerabilities identified in Substance3D software require user interaction to exploit. • CVE-2026-21365 and CVE-2026-27219 affect Substance3D - Painter versions 11.1.2 and earlier. • CVE-2026-27276 affects Substance3D - Stager versions 3.1.7 and earlier, allowing arbitrary code execution.

ThreatCluster AI

Timeline

2026-03-10
CVE-2026-21365, CVE-2026-27219, and CVE-2026-27276 published
2026-03-11
NVD reports vulnerabilities in Substance3D software

Community

Browse all →