{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27309", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-02-18T22:02:41.402Z", "datePublished": "2026-03-27T21:21:37.004Z", "dateUpdated": "2026-03-30T14:25:17.570Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Substance3D - Stager", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "3.1.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-03-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "Use After Free (CWE-416)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-27T21:21:37.004Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Substance3D - Stager | Use After Free (CWE-416)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:25:08.996271Z", "id": "CVE-2026-27309", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:25:17.570Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T14:25:08.996271Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:25:14.202Z"}}], "cna": {"title": "Substance3D - Stager | Use After Free (CWE-416)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 7.8, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 7.8, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Substance3D - Stager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.1.7"}], "defaultStatus": "affected"}], "datePublic": "2026-03-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free (CWE-416)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-27T21:21:37.004Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27309", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:25:17.570Z", "dateReserved": "2026-02-18T22:02:41.402Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-03-27T21:21:37.004Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA291F3-5A01-4976-B8BE-61E2D2AEDAC9", "versionEndExcluding": "3.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-27309", "lastModified": "2026-03-30T17:18:12.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-03-27T22:16:20.497", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.7]"}}], "enrichment": {"confidence": 94.0, "confidence_source": "matching", "scores": [{"score": 94.0, "source": "matching"}]}, "original": {"product": "Substance3D - Stager", "source": "cna", "vendor": "Adobe"}, "product": "substance_3d_stager", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-03-28T05:28:34.851314+00:00", "value": {"mitigation_remediation": ["Apply the latest Adobe patch for Substance3D Stager to a version newer than 3.1.7.", "If a patch is unavailable, block or quarantine files from untrusted sources and disable automatic opening of Substance3D Stager assets.", "Enforce strict file source verification and educate users to avoid opening suspicious content.", "Monitor system logs for anomalous behavior that may indicate exploitation attempts."], "summary": {"action": "Apply patch", "impact": "Arbitrary code execution via malicious file"}, "threat_synthesis": {"affected_systems": "Adobe Substance3D Stager software, specifically versions 3.1.7 and all earlier releases. Workstations or servers that rely on this product to import or edit material assets are vulnerable if they have not been upgraded beyond these versions.", "description_and_impact": "Adobe Substance3D Stager suffers a use\u2011after\u2011free bug in versions 3.1.7 and earlier, allowing an attacker to run arbitrary code in the context of the opening user when the victim opens a crafted file. The flaw arises from an invalid memory access that corrupts execution flow and can be triggered by manipulating the file format. If successful, the attacker gains control of the application and potentially the host system.", "risk_and_exploitability": "The CVSS score of 7.8 signals high severity, and the exploit requires user interaction\u2014the victim must open a malicious file. EPSS data is not available and the vulnerability is not listed in CISA\u2019s KEV catalog, indicating no current public exploitation yet. Nonetheless, because arbitrary code execution can be achieved, the risk remains considerable for organizations that process external 3D assets and lack strict file handling controls."}}}}, "created": "2026-03-29T20:29:42.579132+00:00", "updated": "2026-03-30T07:59:16.346132+00:00", "vendors": ["adobe", "adobe$PRODUCT$substance_3d_stager"]}