CVE-2009-3850

Blender 2.34, 2.35a, 2.40, 2.49b - Remote Code Execution via ScriptLink SDNA onLoad Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3850. PoCs published by Core Security.

AI-analyzed exploit summary: This advisory describes a vulnerability in Blender where .blend project files can execute arbitrary commands via embedded Python scripts. The exploit leverages Blender's scripting functionality to execute code upon file load.

Description

Blender 2.34, 2.35a, 2.40, and 2.49b allow remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Exploits (1)

exploitdb writeup, verified
by Core Security · text · remote · multiple
https://www.exploit-db.com/exploits/9843

Classification
Writeup: 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Blender 2.49b and earlier
Authentication: none needed
Prerequisites: User interaction to open a malicious .blend file
MITRE ATT&CK: not mapped
Analysis: devstral-2 · analyzed Feb 16, 2026

References (3)

Core references (3)
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/36838
- Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/507706/100/0/threaded
- Exploit writeup (Core Security): https://www.exploit-db.com/exploits/9843

Scores

EPSS score: 0.0944
EPSS percentile: 94.8%

Details

CWE: CWE-94
Status: published
Products (4)
blender/blender 2.34
blender/blender 2.35a
blender/blender 2.40
blender/blender 2.49b
Published Nov 06, 2009
Tracked Since Feb 18, 2026