๐Ÿ” CVE Alert

CVE-2026-14610

MEDIUM 5.3

Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue.

CWE CWE-122 CWE-119
Vendor open asset import library
Product assimp
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for open asset import library assimp

Be the first to know when new medium vulnerabilities affecting open asset import library assimp are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Open Asset Import Library / Assimp
6.0.0 6.0.1 6.0.2 6.0.3 6.0.4 6.0.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376118 vuldb.com: https://vuldb.com/vuln/376118/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14610 vuldb.com: https://vuldb.com/submit/844646 github.com: https://github.com/assimp/assimp/issues/6622 github.com: https://github.com/assimp/assimp/pull/6649 github.com: https://github.com/user-attachments/files/27235863/poc.zip github.com: https://github.com/assimp/assimp/commit/eb84eec580d3f4ba2f0fd87409b7d0744620f11e

Credits

๐Ÿ” TYGLS (VulDB User)