Medium severity6.3NVD Advisory· Published May 12, 2026· Updated May 13, 2026
CVE-2026-34664
CVE-2026-34664
Description
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Affected products
2cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*range: <=15.1.0
- (no CPE)range: <=15.1.0
Patches
Vulnerability mechanics
References
1- helpx.adobe.com/security/products/substance3d_designer/apsb26-52.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.