Vulnerabilities ›

CVE-2026-10230

Medium

CWE-119 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 4, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The project tagged the reported issue as bug.

🤖 AI Executive Summary

A heap-based buffer overflow vulnerability exists in Assimp's Half-Life 1 MDL Loader component affecting versions up to 6.0.4, exploitable through malicious MDL files. Local attackers can trigger the vulnerability via the read_animations function in HL1MDLLoader.cpp, with public exploits already available.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت المستند إلى الكومة في مكون Half-Life 1 MDL Loader في مكتبة Assimp تؤثر على الإصدارات حتى 6.0.4. يمكن استغلال الثغرة محلياً من خلال ملفات MDL ضارة، مع توفر استغلالات عامة بالفعل.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Jun 1, 2026 12:38

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1203

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update Assimp to version 6.0.5 or later immediately. Validate and sanitize all MDL file inputs before processing. Implement file type restrictions and disable Half-Life MDL loading if not required. Apply principle of least privilege for applications using Assimp.

🔧 خطوات المعالجة (العربية)

قم بتحديث Assimp إلى الإصدار 6.0.5 أو أحدث فوراً. تحقق من صحة ملفات MDL وقم بتنظيفها قبل المعالجة. طبق قيود نوع الملف وعطل تحميل Half-Life MDL إذا لم تكن مطلوبة. طبق مبدأ أقل صلاحية للتطبيقات التي تستخدم Assimp.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 6

🔗

https://github.com/assimp/assimp/

cna@vuldb.com

🔗

https://github.com/assimp/assimp/issues/6615

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-10230

cna@vuldb.com

🔗

https://vuldb.com/submit/821190

cna@vuldb.com

🔗

https://vuldb.com/vuln/367509

cna@vuldb.com

🔗

https://vuldb.com/vuln/367509/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-119

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10230

Introduce Yourself

Sign In Required