CVE Catalog

CVE-2026-14610

Medium · CVSS 5.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3rd percentile — higher than 3% of all known CVEs

Summary

A vulnerability has been found in Open Asset Import Library Assimp up to version 6.0.5 in the function Assimp::CSMImporter::InternReadFile in CSMLoader.cpp. The flaw causes a heap-based buffer overflow when processing CSM files. The attack requires local access and an exploit has been published.

Risk Assessment

The organization is at risk of local code execution by a user with system access, potentially leading to application or system compromise.

Recommendation

Apply the patch with ID eb84eec580d3f4ba2f0fd87409b7d0744620f11e immediately to fix the vulnerability. Update the Assimp library to a version later than 6.0.5.

Original NVD description (English source)

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS