CVE-2026-10232— Assimp ASE File scene.cpp ~aiNode use after free
Possible ATT&CK Techniques 1AI
T1211 · Exploitation for StealthGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10232
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Assimp ASE File scene.cpp ~aiNode use after free
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Assimp | 6.0.0 | cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10232
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10232
请登录查看更多情报信息。
News Coverage for CVE-2026-10232 (1)
Other References for CVE-2026-10232 (1)
Other References for CVE-2026-10232 (1)
Same Patch Batch · n/a · 2026-06-01 · 15 CVEs total
| CVE-2026-10240 | 6.3 MEDIUM | JeecgBoot test server-side request forgery |
| CVE-2026-10239 | 6.3 MEDIUM | JeecgBoot edit WordUtil.addImage server-side request forgery |
| CVE-2026-10231 | 5.3 MEDIUM | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value heap-based overflow |
| CVE-2026-10230 | 5.3 MEDIUM | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_animations heap-based overflow |
| CVE-2026-10229 | 5.3 MEDIUM | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow |
| CVE-2026-10233 | 3.3 LOW | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos out-of-bounds |
| CVE-2026-37221 | FlexRIC v2.0.0 远程拒绝服务漏洞 | |
| CVE-2026-37220 | FlexRIC v2.0.0 SCTP远程未授权拒绝服务漏洞 | |
| CVE-2025-60485 | GPAC Project/MP4Box <26.02.0 DoS漏洞 | |
| CVE-2025-60486 | MP4Box<26.02.0堆使用后释放导致DoS | |
| CVE-2025-60495 | GPAC <26.02.0分段错误导致DoS | |
| CVE-2025-60481 | MP4Box 26.02.0前空指针解引用致DoS | |
| CVE-2025-60483 | GPAC MP4Box 26.02.0前空指针解引用致DoS | |
| CVE-2025-55664 | GPAC MP4Box v2.4 堆缓冲区溢出导致DoS漏洞 |
IV. Related Vulnerabilities
Same product: Assimp
- CVE-2026-10233
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence - CVE-2026-10231
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_ - CVE-2026-10230
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_animatio - CVE-2026-10229
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes h - CVE-2026-10201
Assimp UV Channel FBXExporter.cpp WriteObjects divide by zer
Same vendor: n/a
- CVE-2026-10240
JeecgBoot test server-side request forgery - CVE-2026-10239
JeecgBoot edit WordUtil.addImage server-side request forgery - CVE-2026-10233
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence - CVE-2026-10231
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_ - CVE-2026-10230
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_animatio
V. Comments for CVE-2026-10232
No comments yet