In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
References
| Link | Resource |
|---|---|
| https://help.prusa3d.com/article/post-processing-scripts_283913 | Product |
| https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt | Exploit Third Party Advisory |
| https://slic3r.org/download/ | Not Applicable |
| https://www.prusa3d.com/page/prusaslicer_424/ | Product |
| https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt | Exploit Third Party Advisory |
Configurations
History
11 May 2026, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Prusa3d
Prusa3d prusaslicer |
|
| References | () https://help.prusa3d.com/article/post-processing-scripts_283913 - Product | |
| References | () https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt - Exploit, Third Party Advisory | |
| References | () https://slic3r.org/download/ - Not Applicable | |
| References | () https://www.prusa3d.com/page/prusaslicer_424/ - Product | |
| CPE | cpe:2.3:a:prusa3d:prusaslicer:*:*:*:*:*:*:*:* |
08 May 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-77 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| References | () https://raw.githubusercontent.com/vulncheck-oss/0day.today.archive/main/local-exploits/39547.txt - |
08 May 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-08 06:16
Updated : 2026-05-11 12:58
NVD link : CVE-2023-47268
Mitre link : CVE-2023-47268
CVE.ORG link : CVE-2023-47268
JSON object : View
Products Affected
prusa3d
- prusaslicer
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')