CVE-2026-10199

🗓️ 31 May 2026 22:30:11Reported by VulDBType

CVE-2026-10199: Assimp LazyDict null dereference in glTF2Asset.h allows exploit; patch.

Reporter	Title	Published	Views	Family All 21
ATTACKERKB	CVE-2026-10199	31 May 202622:30	–	attackerkb
Circl	CVE-2026-10199	1 Jun 202603:09	–	circl
CNNVD	Assimp 代码问题漏洞	31 May 202600:00	–	cnnvd
Cvelist	CVE-2026-10199 Assimp glTF2Asset.h LazyDict null pointer dereference	31 May 202622:30	–	cvelist
Debian CVE	CVE-2026-10199	31 May 202622:30	–	debiancve
EUVD	EUVD-2026-33521	1 Jun 202600:30	–	euvd
NVD	CVE-2026-10199	31 May 202623:16	–	nvd
OPENSUSE Linux	assimp-devel-6.0.5-3.1 on GA media (moderate)	7 Jun 202600:00	–	opensuse
OSV	DEBIAN-CVE-2026-10199	31 May 202623:16	–	osv
OSV	OESA-2026-2560 assimp security update	5 Jun 202615:48	–	osv

Vulners

Node

assimp assimpMatch6.0.0

assimp assimpMatch6.0.1

assimp assimpMatch6.0.2

assimp assimpMatch6.0.3

assimp assimpMatch6.0.4

[
  {
    "vendor": "n/a",
    "product": "Assimp",
    "versions": [
      {
        "version": "6.0.0",
        "status": "affected"
      },
      {
        "version": "6.0.1",
        "status": "affected"
      },
      {
        "version": "6.0.2",
        "status": "affected"
      },
      {
        "version": "6.0.3",
        "status": "affected"
      },
      {
        "version": "6.0.4",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
github	www.github.com/assimp/assimp/commit/d24b85319bd70c65883a2b96613e07e23fb95981
github	www.github.com/user-attachments/files/27194148/poc.zip
vuldb	www.vuldb.com/cve/CVE-2026-10199
vuldb	www.vuldb.com/vuln/367479/cti
github	www.github.com/assimp/assimp/
vuldb	www.vuldb.com/vuln/367479
github	www.github.com/assimp/assimp/pull/6646
vuldb	www.vuldb.com/submit/821179
github	www.github.com/assimp/assimp/issues/6611

17 Jun 2026 10:12Current

5.2Medium risk

Vulners AI Score5.2

CVSS 21.7

CVSS 3.13.3

CVSS 44.8

CVSS 33.3

EPSS0.00118

SSVC