CVE-2026-27635
📋 TL;DR
This vulnerability allows authenticated users to achieve remote code execution by uploading a ZIP file containing a file with shell metacharacters in its filename. The vulnerability affects self-hosted Manyfold instances with model render generation enabled. Attackers can execute arbitrary commands on the server with the privileges of the Manyfold application.
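The defect class described above is a shell command built by string interpolation from an attacker-controlled ZIP entry name. The following Ruby example is added here for illustration and is not Manyfold's code: `render-tool`, the argument names, the sample entry names and the metacharacter set are all assumed. It places the unsafe pattern beside two fixes (an argv array so no shell parses the name, and `Shellwords.escape` where a shell string is unavoidable) plus a filename gate, and shows the argv form delivering a metacharacter-laden name to a child process verbatim.

```ruby
require "open3"
require "rbconfig"
require "shellwords"

# Constructed sample entry names, as they might appear inside an uploaded ZIP.
SAMPLE_ENTRY_NAMES = [
  "benchy.stl",
  "bracket v2.obj",
  "part;id.stl",
  "model`id`.3mf",
].freeze

# Characters a POSIX shell would interpret if a name were spliced into a
# command string (assumed set, used only as an acceptance gate).
SHELL_METACHARACTERS = /[;&|`$<>(){}\[\]*?!~'"\\\n]/

# Vulnerable pattern (illustrative): the entry name is interpolated into one
# string that a shell later parses, so ';' or backticks end the intended
# command and start another. Returned, never executed, to show the shape.
def render_command_unsafe(entry_name, out_dir)
  "render-tool --input #{entry_name} --output #{out_dir}"
end

# Fix 1: pass an argv array. Each element reaches the child process as-is
# (spaces included); no shell ever sees the filename.
def render_argv(entry_name, out_dir)
  ["render-tool", "--input", entry_name, "--output", out_dir]
end

# Fix 2: if a shell string is unavoidable, escape every interpolated value.
def render_command_escaped(entry_name, out_dir)
  "render-tool --input #{Shellwords.escape(entry_name)} " \
    "--output #{Shellwords.escape(out_dir)}"
end

# Defence in depth: refuse names the renderer should never receive
# (NUL bytes, absolute paths, traversal, shell metacharacters).
def acceptable_entry_name?(entry_name)
  return false if entry_name.empty? || entry_name.include?("\0")
  return false if entry_name.start_with?("/")
  return false if entry_name.split("/").include?("..")
  !SHELL_METACHARACTERS.match?(entry_name)
end

# Shows the argv form working: Ruby itself stands in for the render tool and
# prints ARGV[0]; the metacharacters arrive as data, and nothing else runs.
def argv_roundtrip(entry_name)
  out, status = Open3.capture2(RbConfig.ruby, "-e", "print ARGV[0]", entry_name)
  status.success? ? out : nil
end

if $PROGRAM_NAME == __FILE__
  SAMPLE_ENTRY_NAMES.each do |name|
    puts "#{name.inspect}: acceptable=#{acceptable_entry_name?(name)}"
    puts "  unsafe string: #{render_command_unsafe(name, '/tmp/out')}"
    puts "  escaped:       #{render_command_escaped(name, '/tmp/out')}"
    puts "  argv:          #{render_argv(name, '/tmp/out').inspect}"
    puts "  roundtrip:     #{argv_roundtrip(name).inspect}"
  end
end
```

The argv form is the preferred fix because it removes the shell from the path entirely; the escape form is a fallback for code that must build a command line, and the acceptance gate limits damage if a future code path forgets either.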
💻 Affected Systems
- Manyfold
📦 What is this software?
Manyfold by Manyfold
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise allowing attackers to execute arbitrary commands, access sensitive data, pivot to other systems, or deploy persistent backdoors.
Likely Case
Authenticated attackers gaining shell access to the Manyfold server, potentially accessing 3D model files, user data, and system resources.
If Mitigated
Limited impact if proper access controls, network segmentation, and least privilege principles are implemented, though RCE still poses significant risk.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of the vulnerability. The advisory provides technical details that could facilitate exploit development.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.133.0
Vendor Advisory: https://github.com/manyfold3d/manyfold/security/advisories/GHSA-p589-cf26-v7h2
Restart Required: Yes
Instructions:
1. Backup your Manyfold data and configuration.
2. Stop the Manyfold service.
3. Update to version 0.133.0 or later using your package manager or by downloading from GitHub.
4. Restart the Manyfold service.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable model render generation
Temporarily disable the vulnerable feature until patching is possible
Check Manyfold configuration for render generation settings and disable
Restrict ZIP uploads
Implement file upload restrictions to block ZIP files or require admin approval
Configure web server or application firewall to block .zip uploads
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Manyfold instances from critical systems
- Enforce least privilege principles for Manyfold service accounts and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check if Manyfold version is below 0.133.0 and model render generation is enabled in configuration
Check Version:
Check Manyfold web interface or configuration files for version information
Verify Fix Applied:
Verify Manyfold version is 0.133.0 or higher and test that ZIP uploads with shell metacharacters are properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with special characters in filenames
- Shell command execution from Manyfold process
- Failed authentication attempts followed by successful uploads
Network Indicators:
- Unexpected outbound connections from Manyfold server
- Suspicious payloads in HTTP POST requests to upload endpoints
SIEM Query:
source="manyfold.log" AND ("upload" AND "zip" AND ("$" OR "`" OR "|" OR ";")) OR process="ruby" AND cmdline="backtick"
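The indicators above can be checked offline against application logs. The following Ruby script is an added example, not Manyfold's own tooling: the log line format (`timestamp level key=value ...` with a JSON array of ZIP entry names) and the sample lines are constructed, and the metacharacter set is an assumption. It flags uploads whose ZIP entries contain shell metacharacters and uploads that follow a failed login by the same user within a window.

```ruby
require "json"
require "time"

# Constructed log lines in an assumed request-log shape (not real Manyfold output).
SAMPLE_LOG = <<~LOG
  2026-03-01T10:00:01Z INFO user=alice action=upload file="benchy.zip" entries=["benchy.stl","benchy.png"]
  2026-03-01T10:00:30Z WARN user=bob action=login result=failed
  2026-03-01T10:00:41Z WARN user=bob action=login result=failed
  2026-03-01T10:00:55Z INFO user=bob action=login result=ok
  2026-03-01T10:01:09Z INFO user=bob action=upload file="parts.zip" entries=["part;id.stl","lid.stl"]
  2026-03-01T10:01:40Z INFO user=carol action=upload file="case.zip" entries=["case`id`.3mf"]
  2026-03-01T10:02:00Z INFO user=alice action=download file="benchy.stl"
  2026-03-01T11:30:00Z INFO user=bob action=upload file="later.zip" entries=["ok.stl"]
LOG

# Shell metacharacters that should never appear in a ZIP entry name (assumed set).
SHELL_METACHARACTERS = /[;&|`$<>(){}\n]/

LogEvent = Struct.new(:time, :user, :action, :file, :entries, :result)

# Parses one line into a LogEvent; returns nil for lines it cannot read.
def parse_line(line)
  ts, _level, rest = line.strip.split(" ", 3)
  return nil unless ts && rest
  entries_json = rest[/\bentries=(\[.*\])/, 1]
  LogEvent.new(
    Time.iso8601(ts),
    rest[/\buser=(\S+)/, 1],
    rest[/\baction=(\S+)/, 1],
    rest[/\bfile="([^"]*)"/, 1],
    entries_json ? JSON.parse(entries_json) : [],
    rest[/\bresult=(\S+)/, 1]
  )
rescue ArgumentError, JSON::ParserError
  nil
end

def parse_log(log_text)
  log_text.each_line.map { |l| parse_line(l) }.compact.sort_by(&:time)
end

# Indicator: upload whose ZIP entry names contain shell metacharacters.
def metachar_upload_findings(log_text)
  parse_log(log_text).select { |e| e.action == "upload" }.flat_map do |e|
    e.entries.select { |n| SHELL_METACHARACTERS.match?(n) }
             .map { |n| { user: e.user, file: e.file, entry: n } }
  end
end

# Indicator: upload within window_seconds of that user's last failed login.
def uploads_after_failed_logins(log_text, window_seconds: 300)
  last_failed = {}
  parse_log(log_text).map do |e|
    if e.action == "login" && e.result == "failed"
      last_failed[e.user] = e.time
      nil
    elsif e.action == "upload" && last_failed[e.user] &&
          e.time - last_failed[e.user] <= window_seconds
      { user: e.user, file: e.file,
        seconds_after_failed_login: (e.time - last_failed[e.user]).to_i }
    end
  end.compact
end

if $PROGRAM_NAME == __FILE__
  puts "Uploads with shell metacharacters in entry names:"
  metachar_upload_findings(SAMPLE_LOG).each { |f| puts "  #{f.inspect}" }
  puts "Uploads shortly after a failed login:"
  uploads_after_failed_logins(SAMPLE_LOG).each { |f| puts "  #{f.inspect}" }
end
```

Tune the window and the metacharacter set to the real log format; the first check is the higher-fidelity one for this CVE, the second is a weak signal useful mainly for prioritising review.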