CVE-2026-27218
Received Received - Intake

NULL Pointer Dereference in Substance3D Painter Causes DoS Crash

Vulnerability report for CVE-2026-27218, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-10

Last updated on: 2026-03-11

Assigner: Adobe Systems Incorporated

Description

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-10
Last Modified
2026-03-11
Generated
2026-07-06
AI Q&A
2026-03-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
adobe substance_3d_painter to 11.1.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Substance3D - Painter versions 11.1.2 and earlier. It is a NULL Pointer Dereference vulnerability that can cause the application to crash, resulting in a denial-of-service condition. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which triggers the crash.

Impact Analysis

The primary impact of this vulnerability is that it can cause the Substance3D - Painter application to crash, leading to a denial-of-service. This disruption can affect your ability to use the application reliably, potentially interrupting workflows or services that depend on it.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, avoid opening malicious files in Substance3D - Painter versions 11.1.2 and earlier, as exploitation requires user interaction through opening a malicious file.

Consider updating to a version later than 11.1.2 once available to address the NULL Pointer Dereference vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart