CVE-2026-46336 in manyfold
Summary
by MITRE • 07/16/2026
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/model_file.rb uses the user-controlled filename in File.join(model.path, filename) without sufficient sanitization, allowing files to be moved or written outside the configured library directory. This issue is fixed in version 0.140.0.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/16/2026
The vulnerability identified in Manyfold versions 0.96.0 through 0.140.0 represents a critical path traversal flaw that undermines the application's file system security controls. This weakness stems from insufficient input validation within the model_file.rb component where user-provided filenames are directly incorporated into File.join operations without proper sanitization measures. The vulnerability allows authenticated users to manipulate file paths through carefully crafted naming sequences that can bypass directory restrictions and potentially escalate their privileges within the application's file management system.
The technical exploitation of this vulnerability occurs when an authenticated user submits a filename containing path traversal sequences such as ../ or ..\ that are then processed by the File.join method. The application's failure to sanitize these inputs means that maliciously crafted filenames can cause the system to write files outside the intended library directory structure. This flaw directly maps to CWE-22 Path Traversal and falls under the broader category of insecure file handling practices that have been consistently identified as critical security risks in web applications.
From an operational perspective, this vulnerability creates significant risk for organizations using Manyfold for 3D model management, particularly those hosting sensitive manufacturing data or proprietary designs. An attacker with valid credentials could potentially overwrite existing files, create malicious files in system directories, or even execute arbitrary code if the application has sufficient privileges to write to critical locations. The impact extends beyond simple file manipulation as it could enable further escalation attacks where an attacker might attempt to compromise other system components through file system access.
The remediation implemented in version 0.140.0 addresses this issue by introducing proper input sanitization mechanisms that validate and normalize user-provided filenames before they are processed by the File.join function. This fix aligns with established security best practices for preventing path traversal attacks and demonstrates the importance of validating all user-controlled inputs that influence file system operations. Organizations using affected versions should prioritize immediate patching as this vulnerability could be exploited by both internal users with valid credentials and external attackers who have obtained authentication details through other means.
Security practitioners should consider implementing additional monitoring controls around file system access patterns in environments where Manyfold is deployed, as anomalous file creation or modification activities could indicate exploitation attempts. The vulnerability also highlights the need for comprehensive security testing including threat modeling exercises that specifically identify potential path traversal vectors within file handling code paths. This issue reinforces the fundamental principle that all user inputs should be treated as potentially malicious and validated against expected patterns before being processed by system functions that interact with the underlying file system.
The attack surface of this vulnerability extends beyond simple file manipulation to include potential privilege escalation scenarios, particularly in environments where the application runs with elevated privileges or where the library directory structure contains sensitive system files. Organizations should conduct thorough security assessments of their Manyfold deployments to verify proper patching and ensure that no unauthorized modifications have occurred during the vulnerable period. This vulnerability serves as a reminder of the critical importance of input validation and access control mechanisms in preventing unauthorized file system operations within web applications.