Out-of-bounds Read in Blender

CVE-2026-60103

Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA…

Vulnerability class: Buffer Overflow

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H.

Affected products

  • Blender — versions 3.0.0, 968972a918b5ed2d534295b639c54449d7de11cd

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-60103?
CVE-2026-60103 is a medium-severity vulnerability in Blender, classified under Out-of-bounds Read. CVSS score: 6.1/10. Published 2026-07-13.
How severe is CVE-2026-60103?
Medium severity. CVSS v3 base score is 6.1 out of 10.