CVE-2026-10200

EUVD-2026-33522
A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6612
https://github.com/user-attachments/files/27194256/poc.zip
https://vuldb.com/cve/CVE-2026-10200
https://vuldb.com/submit/821180
https://vuldb.com/vuln/367480
https://vuldb.com/vuln/367480/cti