CVE-2026-10200 MEDIUM

CVE-2026-10200: Assimp 4x4 Matrix glTFCommon.h CopyValue heap-based overflow

Vendor N/A
Product Assimp
Weakness CWE-122
Published May 31, 2026
Last update June 1, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.

Key dates

02Disclosure timeline

May 31, 2026 CVE published
June 1, 2026 Record updated