CVE-2026-10197

LOW 3.3

Assimp TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

2th

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

CWE	CWE-476 CWE-404
Vendor	n/a
Product	assimp
Published	May 31, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for n/a assimp

Be the first to know when new low vulnerabilities affecting n/a assimp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / Assimp

6.0.0 6.0.1 6.0.2 6.0.3 6.0.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367477 vuldb.com: https://vuldb.com/vuln/367477/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10197 vuldb.com: https://vuldb.com/submit/821177 github.com: https://github.com/assimp/assimp/issues/6608 github.com: https://github.com/user-attachments/files/27193894/poc.zip github.com: https://github.com/assimp/assimp/pull/6645 github.com: https://github.com/assimp/assimp/

Credits

🔍 TYGLS (VulDB User) VulDB CNA Team