CVE-2026-27214
Received Received - Intake
NULL Pointer Dereference in Substance3D Painter Causes DoS Crash

Publication date: 2026-03-10

Last updated on: 2026-03-11

Assigner: Adobe Systems Incorporated

Description
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27214
EUVD
EUVD-2026-10758
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe substance_3d_painter to 11.1.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Substance3D - Painter versions 11.1.2 and earlier. It is a NULL Pointer Dereference vulnerability that can cause the application to crash, resulting in a denial-of-service condition. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which triggers the crash.

Impact Analysis

Exploitation of this vulnerability can lead to the application crashing, causing disruption to services. This denial-of-service impact means that users may be unable to use Substance3D - Painter while the application is affected.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, avoid opening malicious files in Substance3D - Painter versions 11.1.2 and earlier, as exploitation requires user interaction through opening a malicious file.

Consider updating to a version later than 11.1.2 if available, as this vulnerability affects versions 11.1.2 and earlier.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart