CVE-2026-10232
5.3 MEDIUMA weakness has been identified in Assimp up to 6.0.4
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-119, CWE-416
Description
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10232
- [Other]https://github.com/assimp/assimp/
- [Other]https://github.com/assimp/assimp/issues/6617
- [Other]https://github.com/user-attachments/files/27200601/poc.zip
- [Other]https://vuldb.com/cve/CVE-2026-10232
- [Other]https://vuldb.com/submit/821192
- [Other]https://vuldb.com/vuln/367511
- [Other]https://vuldb.com/vuln/367511/cti
Related CVEs
Same CWE
- CVE-2026-12216 — A weakness has been identified in svaarala duktape up to 2.99.99 (5.3 MEDIUM)
- CVE-2026-12200 — A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32 (7.3 HIGH)
- CVE-2026-12193 — A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x (7.8 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-12174 — A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)