PatchSiren

blender CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM blender CVE published 2026-07-13

CVE-2026-60103

CVE-2026-60103 is an out-of-bounds read vulnerability in Blender 3.0.0 through 5.1.2. Attackers can trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The vulnerability exists in the sdna_expand_names() function, where the member_index field is used as an array index into the sdna->members[] array without boun [truncated]