Adobe Substance 3D Designer is a software for creating, iterating, and defining the look of 3D models and materials. The software allows users to build complex materials with a node-based, non-destructive workflow. With Substance 3D Designer, users can create parametric, procedural, and hybrid textures and materials that can then be shipped to game engines or used in the 3D community and industry.

Adobe Substance 3D Designer

Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21340	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Feb 10, 2026
CVE-2026-21339	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Feb 10, 2026
CVE-2026-21338	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Feb 10, 2026
CVE-2026-21337	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Feb 10, 2026
CVE-2026-21336	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Feb 10, 2026

CVE-2026-21338:
Adobe Substance 3D Designer vulnerability analysis and mitigation

5.5

Related Adobe Substance 3D Designer vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-21338: Adobe Substance 3D Designer vulnerability analysis and mitigation