A vulnerability was found in Assimp up to 6.0.4 . It has been declared as problematic . Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h . Such manipulation of the argument operator[] leads to null pointer dereference. This vulnerability is listed as CVE-2026-10199 . The attack must be carried out locally. In addition, an exploit is available. It is best practice to apply a patch to resolve this issue.