CVE-2026-10198
LOWAssimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference
Title source: cnaDescription
A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
CVE-2026-10198 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10198
Third Party Advisory third-party-advisory
Submit #821178 | Assimp commit 17c12da NULL Pointer Dereference
https://vuldb.com/submit/821178
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-367478 | Assimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference
https://vuldb.com/vuln/367478
Signature, Permissions Required signature
permissions-required
VDB-367478 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367478/cti
Issue Tracking issue-tracking
https://github.com/assimp/assimp/issues/6609
Exploit exploit
https://github.com/user-attachments/files/27193865/poc.zip
Product product
https://github.com/assimp/assimp/
Scores
CVSS v3
3.3
EPSS
0.0011
EPSS Percentile
1.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
CWE-476
Status
published
Products (5)
None/Assimp
6.0.0
None/Assimp
6.0.1
None/Assimp
6.0.2
None/Assimp
6.0.3
None/Assimp
6.0.4
Published
May 31, 2026
Tracked Since
Jun 01, 2026