CVE-2026-10232

MEDIUM

Assimp ASE File scene.cpp ~aiNode use after free

Title source: cna

Description

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.

References (7)

Core 7

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367511 | Assimp ASE File scene.cpp ~aiNode use after free

https://vuldb.com/vuln/367511

Signature, Permissions Required signature permissions-required

VDB-367511 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367511/cti

Third Party Advisory third-party-advisory

CVE-2026-10232 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10232

Third Party Advisory third-party-advisory

Submit #821192 | Assimp commit 17c12da Memory Corruption

https://vuldb.com/submit/821192

Issue Tracking issue-tracking

https://github.com/assimp/assimp/issues/6617

Exploit exploit

https://github.com/user-attachments/files/27200601/poc.zip

Product product

https://github.com/assimp/assimp/

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-416

Status published

Products (5)

None/Assimp 6.0.0

None/Assimp 6.0.1

None/Assimp 6.0.2

None/Assimp 6.0.3

None/Assimp 6.0.4

Published Jun 01, 2026

Tracked Since Jun 01, 2026