Skip to main content

Manyfold CVE-2026-46336

| EUVDEUVD-2026-44989 HIGH
Path Traversal (CWE-22)
2026-07-16 GitHub_M
7.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
vuln.today AI
7.1 HIGH

Network-facing web app renamable by any authenticated low-privilege user (PR:L, AC:L, UI:N); write/move-only primitive gives I:H and modest A:L with no read, so C:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch available
Jul 16, 2026 - 19:33 EUVD
Source Code Evidence Fetched
Jul 16, 2026 - 17:46 vuln.today
Analysis Generated
Jul 16, 2026 - 17:46 vuln.today
CVE Published
Jul 16, 2026 - 17:04 cve.org
HIGH 7.1

DescriptionCVE.org

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/model_file.rb uses the user-controlled filename in File.join(model.path, filename) without sufficient sanitization, allowing files to be moved or written outside the configured library directory. This issue is fixed in version 0.140.0.

AnalysisAI

Path traversal in Manyfold's file-rename functionality (versions 0.96.0 through 0.139.x) lets an authenticated user move or write files outside the configured 3D-model library directory. The flaw stems from app/models/model_file.rb passing a user-controlled filename straight into File.join(model.path, filename) without stripping '..' sequences, giving low-privileged users write/overwrite primitives on the host filesystem. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged user
Delivery
Upload a model file
Exploit
Rename file with '../' traversal path
Execution
File.join writes outside library dir
Impact
Overwrite/plant file on host filesystem

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Manyfold account with permission to upload and rename model files (CVSS PR:L), and the attacker must set a file's filename to a value containing path-traversal sequences (e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L, base 7.1) describes a network-reachable, low-complexity attack requiring only low-privilege authentication and no user interaction, with high integrity impact (arbitrary file write/move) and low availability impact but no confidentiality loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged Manyfold account uploads a model file and then renames it to a value such as '../../../../etc/passwd' or a path targeting a writable Rails config or startup file. Because the filename is joined to the library path without sanitization, the file is moved or written outside the library directory, letting the attacker overwrite or plant files on the host. …
Remediation Upgrade to Manyfold 0.140.0 or later - Vendor-released patch: v0.140.0 - which adds filename normalization that strips '..' and '.' path segments and sanitizes each remaining component (see PR https://github.com/manyfold3d/manyfold/pull/6122 and commit ed6a53e54926708594c07d222155ac3a22f93174). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory Manyfold deployments and identify running versions; if any version 0.96.0 through 0.139.x is present, immediately revoke file-rename permissions from non-administrative users and review recent file modification logs for suspicious activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46336 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy