CVE-2026-10198
3.3 LOW
A flaw has been found in Assimp up to 6.0.4
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-404, CWE-476
Description
A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10198
- [Other] https://github.com/assimp/assimp/
- [Other] https://github.com/assimp/assimp/issues/6609
- [Other] https://github.com/user-attachments/files/27193865/poc.zip
- [Other] https://vuldb.com/cve/CVE-2026-10198
- [Other] https://vuldb.com/submit/821178
- [Other] https://vuldb.com/vuln/367478
- [Other] https://vuldb.com/vuln/367478/cti
Related CVEs
Same CWE
- CVE-2026-53463 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.3 MEDIUM)
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-24716 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22899 — A NULL pointer dereference vulnerability has been reported to affect File Station 6
- CVE-2025-66281 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions