{"api_version":"1","generated_at":"2026-04-28T12:17:33+00:00","cve":"CVE-2026-21340","urls":{"html":"https://cve.report/CVE-2026-21340","api":"https://cve.report/api/cve/CVE-2026-21340.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-21340","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-21340"},"summary":{"title":"Substance3D - Designer | Out-of-bounds Read (CWE-125)","description":"Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","state":"PUBLISHED","assigner":"adobe","published_at":"2026-02-10 18:16:32","updated_at":"2026-04-28 03:16:02"},"problem_types":["CWE-125","CWE-125 Out-of-bounds Read (CWE-125)"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Secondary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"psirt@adobe.com","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","availabilityRequirement":"NOT_DEFINED","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":5.5,"environmentalSeverity":"MEDIUM","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"NONE","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"LOCAL","modifiedAvailabilityImpact":"NONE","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"NONE","modifiedPrivilegesRequired":"NONE","modifiedScope":"UNCHANGED","modifiedUserInteraction":"REQUIRED","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"UNCHANGED","temporalScore":5.5,"temporalSeverity":"MEDIUM","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html","name":"https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html","refsource":"psirt@adobe.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-21340","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21340","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Adobe","product":"Substance3D - Designer","version":"affected 15.1.0 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"21340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"substance_3d_designer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-21340","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-02-10T18:51:49.470851Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-10T18:55:25.959Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"affected","product":"Substance3D - Designer","vendor":"Adobe","versions":[{"lessThanOrEqual":"15.1.0","status":"affected","version":"0","versionType":"semver"}]}],"datePublic":"2026-02-10T17:00:00.000Z","descriptions":[{"lang":"en","value":"Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","availabilityRequirement":"NOT_DEFINED","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":5.5,"environmentalSeverity":"MEDIUM","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"NONE","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"LOCAL","modifiedAvailabilityImpact":"NONE","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"NONE","modifiedPrivilegesRequired":"NONE","modifiedScope":"UNCHANGED","modifiedUserInteraction":"REQUIRED","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"UNCHANGED","temporalScore":5.5,"temporalSeverity":"MEDIUM","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"Out-of-bounds Read (CWE-125)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-28T02:23:59.324Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"tags":["vendor-advisory"],"url":"https://helpx.adobe.com/security/products/substance3d_designer/apsb26-19.html"}],"source":{"discovery":"EXTERNAL"},"title":"Substance3D - Designer | Out-of-bounds Read (CWE-125)"}},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2026-21340","datePublished":"2026-02-10T18:08:07.209Z","dateReserved":"2025-12-12T22:01:18.195Z","dateUpdated":"2026-04-28T02:23:59.324Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-10 18:16:32","lastModifiedDate":"2026-04-28 03:16:02","problem_types":["CWE-125","CWE-125 Out-of-bounds Read (CWE-125)"],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*","versionEndExcluding":"15.1.2","matchCriteriaId":"099B5ACB-801D-4DA7-953A-6A95AAB2225E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"21340","Ordinal":"1","Title":"Substance3D - Designer | Out-of-bounds Read (CWE-125)","CVE":"CVE-2026-21340","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"21340","Ordinal":"1","NoteData":"Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","Type":"Description","Title":"Substance3D - Designer | Out-of-bounds Read (CWE-125)"}]}}}