Zero Day MonitorZDM

← Back to list

7.8

CVE-2026-27276PATCHED

adobe · substance_3d_stager

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is

Description

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Products

Vendor	Product	Versions
adobe	substance_3d_stager	< 3.1.8

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
adobe	creative cloud	cert_advisory	90%

References

https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories2d ago

[UPDATE] [hoch] Adobe Creative Cloud Applikationen: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

3.1.8

CWECWE-416

PublishedMar 10, 2026

Last enriched7h ago

Trending Score18

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-3774

Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

MEDIUMCVE-2026-3778

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

HIGHCVE-2026-27220

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current

HIGHCVE-2026-27272

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi

HIGHCVE-2026-27274

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 10, 2026

Patch Available

Mar 11, 2026

Discovered by ZDM

Apr 1, 2026