CVE-2026-27635

{"id": "CVE-2026-27635", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-26T00:16:24.307", "references": [{"url": "https://github.com/manyfold3d/manyfold/releases/tag/v0.133.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/manyfold3d/manyfold/security/advisories/GHSA-p589-cf26-v7h2", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter in its name. The filename reaches a Ruby backtick call unsanitized. Version 0.133.0 fixes the issue."}, {"lang": "es", "value": "Manyfold es una aplicaci\u00f3n web de c\u00f3digo abierto y autoalojada para gestionar una colecci\u00f3n de modelos 3D, particularmente enfocada en la impresi\u00f3n 3D. Antes de la versi\u00f3n 0.133.0, cuando la generaci\u00f3n de renderizados de modelos est\u00e1 habilitada, un usuario autenticado puede lograr RCE al subir un archivo ZIP que contiene un archivo con un metacaracter de shell en su nombre. El nombre del archivo llega a una llamada de backtick de Ruby sin sanear. La versi\u00f3n 0.133.0 corrige el problema."}], "lastModified": "2026-02-27T18:36:30.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:manyfold:manyfold:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F54584E-5C84-449F-848F-730DC1BECAC2", "versionEndExcluding": "0.133.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}