CVE-2026-14610
Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue.
| CWE | CWE-122 CWE-119 |
| Vendor | open asset import library |
| Product | assimp |
| Published | Jul 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for open asset import library assimp
Be the first to know when new medium vulnerabilities affecting open asset import library assimp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Open Asset Import Library / Assimp
6.0.0 6.0.1 6.0.2 6.0.3 6.0.4 6.0.5
References
vuldb.com: https://vuldb.com/vuln/376118 vuldb.com: https://vuldb.com/vuln/376118/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14610 vuldb.com: https://vuldb.com/submit/844646 github.com: https://github.com/assimp/assimp/issues/6622 github.com: https://github.com/assimp/assimp/pull/6649 github.com: https://github.com/user-attachments/files/27235863/poc.zip github.com: https://github.com/assimp/assimp/commit/eb84eec580d3f4ba2f0fd87409b7d0744620f11e
Credits
๐ TYGLS (VulDB User)