Vulnerability Database

310,472

Total vulnerabilities in the database

CVE-2009-3850

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Published: Nov 6, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-3850
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
blender / blender	2.35a	2.35a.x
blender / blender	2.49b	2.49b.x
blender / blender	2.40	2.40.x
blender / blender	2.34	2.34.x

http://www.coresecurity.com/content/blender-scripting-injection
http://www.securityfocus.com/archive/1/507706/100/0/threaded
http://www.securityfocus.com/bid/36838

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo