CVE-2026-10197

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.3 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

Vulnerability Details

Published Date

May 31, 2026

Last Modified

May 31, 2026

CWE ID

CWE-404

Source

NVD

Product

Assimp

External References

https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6608
https://github.com/assimp/assimp/pull/6645
https://github.com/user-attachments/files/27193894/poc.zip
https://vuldb.com/cve/CVE-2026-10197
https://vuldb.com/submit/821177
https://vuldb.com/vuln/367477
https://vuldb.com/vuln/367477/cti

CVE-2026-10197

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment