CVE-2026-46336

Source
https://cve.org/CVERecord?id=CVE-2026-46336
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46336.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46336
Aliases
  • GHSA-j5f9-r7wf-hv37
Published
2026-07-16T17:04:31.056Z
Modified
2026-07-18T03:46:46.493001445Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVSS Calculator
Summary
Manyfold: Authenticated Path Traversal via File Rename
Details

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/model_file.rb uses the user-controlled filename in File.join(model.path, filename) without sufficient sanitization, allowing files to be moved or written outside the configured library directory. This issue is fixed in version 0.140.0.

Database specific
{
    "cwe_ids": [
        "CWE-22",
        "CWE-73"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46336.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/manyfold3d/manyfold

Affected ranges

Type
GIT
Repo
https://github.com/manyfold3d/manyfold
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.96.0"
        },
        {
            "fixed": "0.140.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.100.0
v0.100.1
v0.101.0
v0.102.0
v0.103.0
v0.103.1
v0.103.2
v0.104.0
v0.104.1
v0.105.0
v0.106.0
v0.107.0
v0.108.0
v0.108.1
v0.109.0
v0.109.1
v0.109.2
v0.110.0
v0.110.1
v0.110.2
v0.111.0
v0.111.1
v0.111.2
v0.112.0
v0.113.0
v0.114.0
v0.114.1
v0.115.0
v0.115.1
v0.116.0
v0.116.1
v0.116.2
v0.117.0
v0.118.0
v0.119.0
v0.120.0
v0.121.0
v0.122.0
v0.122.1
v0.123.0
v0.123.1
v0.123.2
v0.124.0
v0.125.0
v0.126.0
v0.127.0
v0.128.0
v0.128.1
v0.129.0
v0.129.1
v0.129.2
v0.129.3
v0.129.4
v0.130.0
v0.130.1
v0.130.2
v0.130.3
v0.130.4
v0.131.0
v0.132.0
v0.132.1
v0.133.0
v0.133.1
v0.134.0
v0.135.0
v0.136.0
v0.137.0
v0.138.0
v0.139.0
v0.139.1
v0.139.2
v0.139.3
v0.96.0
v0.97.0
v0.97.1
v0.98.0
v0.99.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46336.json"