CVE-2026-10230

LOW EPSS 2.7%

Published Jun 1, 20264w ago · Modified Jun 17, 20261w ago

1.9 CVSS 4.0

Low

Published Jun 1, 2026 4w ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The project tagged the reported issue as bug.

CVSS Details

Base Score

1.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

2.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

CWE-122

References 6

github.com https://github.com/assimp/assimp/
github.com https://github.com/assimp/assimp/issues/6615
vuldb.com https://vuldb.com/cve/CVE-2026-10230
vuldb.com https://vuldb.com/submit/821190
vuldb.com https://vuldb.com/vuln/367509
vuldb.com https://vuldb.com/vuln/367509/cti

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.