CVE-2026-10199 | Assimp up to 6.0.4 glTF2Asset.h glTF2::LazyDict operator[] null pointer dereference (Issue 6611)

A vulnerability was found in Assimp up to 6.0.4. It has been declared as problematic. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference.

This vulnerability is listed as CVE-2026-10199. The attack must be carried out locally. In addition, an exploit is available.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More