CVE-2026-10198 Assimp glTFImporter glTFImporter.cpp ImportMeshes null pointer dereference

🗓️ 31 May 2026 22:15:12Reported by VulDBType

Assimp glTFImporter ImportMeshes up to version six point zero four causes null pointer dereference; local exploit published.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-10198	31 May 202622:15	–	attackerkb
Circl	CVE-2026-10198	1 Jun 202603:15	–	circl
CNNVD	Assimp 代码问题漏洞	31 May 202600:00	–	cnnvd
CVE	CVE-2026-10198	31 May 202622:15	–	cve
Debian CVE	CVE-2026-10198	31 May 202622:15	–	debiancve
EUVD	EUVD-2026-33520	1 Jun 202600:30	–	euvd
NVD	CVE-2026-10198	31 May 202623:16	–	nvd
OSV	DEBIAN-CVE-2026-10198	31 May 202623:16	–	osv
OSV	UBUNTU-CVE-2026-10198	31 May 202623:16	–	osv
Positive Technologies	PT-2026-45215	31 May 202600:00	–	ptsecurity

[
  {
    "vendor": "n/a",
    "product": "Assimp",
    "versions": [
      {
        "version": "6.0.0",
        "status": "affected"
      },
      {
        "version": "6.0.1",
        "status": "affected"
      },
      {
        "version": "6.0.2",
        "status": "affected"
      },
      {
        "version": "6.0.3",
        "status": "affected"
      },
      {
        "version": "6.0.4",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "glTFImporter"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/821178
vuldb	www.vuldb.com/vuln/367478
github	www.github.com/assimp/assimp/issues/6609
vuldb	www.vuldb.com/vuln/367478/cti
vuldb	www.vuldb.com/cve/CVE-2026-10198
github	www.github.com/assimp/assimp/
github	www.github.com/user-attachments/files/27193865/poc.zip

31 May 2026 22:15Current

CVSS 21.7

CVSS 3.13.3

CVSS 33.3

CVSS 44.8

EPSS0.00113