CVE-2026-21336
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Substance3D Designer Causes DoS

Publication date: 2026-02-10

Last updated on: 2026-02-11

Assigner: Adobe Systems Incorporated

Description
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21336
EUVD
EUVD-2026-6767
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe substance_3d_designer to 15.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should avoid opening malicious files in Substance3D - Designer versions 15.1.0 and earlier, as exploitation requires user interaction through opening a malicious file.

Additionally, consider updating to a version later than 15.1.0 if available, or applying any patches provided by Adobe to address this NULL Pointer Dereference vulnerability.

Executive Summary

This vulnerability affects Substance3D - Designer versions 15.1.0 and earlier. It is a NULL Pointer Dereference vulnerability that can cause the application to crash, leading to a denial-of-service condition. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which triggers the crash.

Impact Analysis

Exploitation of this vulnerability can cause the Substance3D - Designer application to crash, resulting in denial-of-service. This disruption can affect availability of the application and any services relying on it, potentially interrupting workflows or productivity.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21336. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart