CVE-2026-10232
Publication date 1 June 2026
Last updated 6 June 2026
Ubuntu priority
Description
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| assimp | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-10232
- https://github.com/assimp/assimp/issues/6617
- https://github.com/assimp/assimp/
- https://github.com/user-attachments/files/27200601/poc.zip
- https://vuldb.com/cve/CVE-2026-10232
- https://vuldb.com/submit/821192
- https://vuldb.com/vuln/367511
- https://vuldb.com/vuln/367511/cti