Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Substance3D Stager versions 3.1.7 and earlier allow malicious file execution
CVE-2026-27277
Summary
Substance3D Stager versions 3.1.7 and earlier contain a security flaw that lets hackers take control of your computer if you open a rigged file. This requires you to interact with the file yourself, so it's not a virus that can spread on its own. Update to a newer version of Substance3D Stager to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| adobe | substance_3d_stager | <= 3.1.8 | – |
Original title
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this...
Original description
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd CVSS3.1
7.8
Vulnerability type
CWE-416
Use After Free
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026