CVE-2026-10198

LOW 3.3

Assimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.

CWE	CWE-476 CWE-404
Vendor	n/a
Product	assimp
Published	May 31, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for n/a assimp

Be the first to know when new low vulnerabilities affecting n/a assimp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / Assimp

6.0.0 6.0.1 6.0.2 6.0.3 6.0.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367478 vuldb.com: https://vuldb.com/vuln/367478/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10198 vuldb.com: https://vuldb.com/submit/821178 github.com: https://github.com/assimp/assimp/issues/6609 github.com: https://github.com/user-attachments/files/27193865/poc.zip github.com: https://github.com/assimp/assimp/

Credits

🔍 TYGLS (VulDB User) VulDB CNA Team