CVE-2026-28225 Overview
CVE-2026-28225 is an Authorization Bypass vulnerability affecting Manyfold, an open source, self-hosted web application for managing collections of 3D models with a focus on 3D printing workflows. Prior to version 0.133.1, the get_model method in ModelFilesController loads models using Model.find_param(params[:model_id]) without utilizing policy_scope(), effectively bypassing Pundit authorization checks. This flaw allows unauthorized users to potentially access model resources they should not have permission to view.
Critical Impact
Unauthorized access to 3D model resources due to missing authorization scope in the ModelFilesController, potentially exposing private models to unauthenticated or unauthorized users.
Affected Products
- Manyfold versions prior to 0.133.1
Discovery Timeline
- 2026-02-26 - CVE CVE-2026-28225 published to NVD
- 2026-02-26 - Last updated in NVD database
Technical Details for CVE-2026-28225
Vulnerability Analysis
This vulnerability stems from an inconsistent implementation of Pundit authorization across Manyfold's controller architecture. In Ruby on Rails applications using Pundit for authorization, the policy_scope() method is essential for ensuring that database queries only return records the current user is authorized to access.
The vulnerable get_model method at lines 158-160 in ModelFilesController directly calls Model.find_param(params[:model_id]) to locate model records. This approach retrieves any model matching the provided ID parameter without verifying whether the requesting user has appropriate access permissions.
In contrast, other controllers in the application correctly implement authorization by using policy_scope(Model).find_param(). For example, ModelsController at line 263 properly wraps the query within a policy scope, ensuring only authorized records are accessible.
Root Cause
The root cause is CWE-639: Authorization Bypass Through User-Controlled Key. The ModelFilesController fails to apply authorization scoping when retrieving model records, allowing attackers to access resources by manipulating the model_id parameter. This inconsistency in authorization implementation creates a security gap where the controller trusts user-supplied input without validating access rights.
Attack Vector
The attack vector is network-based, requiring no user interaction or authentication. An attacker can exploit this vulnerability by sending crafted HTTP requests to the ModelFilesController endpoints with arbitrary model_id values. By iterating through model IDs or using predictable identifiers, attackers can access private 3D model resources without proper authorization. The attack complexity is low as it only requires knowledge of valid model identifiers or enumeration capabilities.
Detection Methods for CVE-2026-28225
Indicators of Compromise
- Unusual access patterns to model file endpoints from unauthenticated sessions
- HTTP requests to /models/:model_id/files endpoints with sequential or enumerated model IDs
- Access logs showing requests for model resources by users without corresponding authorization grants
- Anomalous traffic patterns indicating resource enumeration attempts
Detection Strategies
- Monitor application logs for requests to ModelFilesController endpoints from unauthorized sessions
- Implement rate limiting and alerting on rapid sequential requests to model file endpoints
- Review access logs for patterns of model ID enumeration or brute-force attempts
- Deploy web application firewall rules to detect and block enumeration attacks
Monitoring Recommendations
- Enable detailed logging for all model access requests including user context and authorization decisions
- Configure alerts for access attempts to private models by unauthorized users
- Monitor for anomalous spikes in requests to model file endpoints
- Review authorization audit logs regularly for access to resources outside user scope
How to Mitigate CVE-2026-28225
Immediate Actions Required
- Upgrade Manyfold to version 0.133.1 or later immediately
- Review access logs for potential unauthorized access to model resources prior to patching
- Audit any sensitive 3D model data that may have been exposed to unauthorized parties
- Verify all controller methods consistently implement policy_scope() for authorization
Patch Information
Version 0.133.1 of Manyfold resolves this vulnerability by implementing proper Pundit authorization scoping in the ModelFilesController. The fix ensures that the get_model method now uses policy_scope(Model).find_param() consistently with other controllers in the application. Full patch details are available in the GitHub Release v0.133.1 and the GitHub Security Advisory GHSA-v8pw-3r2f-3fqm.
Workarounds
- If immediate patching is not possible, consider restricting access to the application at the network level
- Implement additional authentication requirements at the reverse proxy or web server level for model file endpoints
- Disable public access to the Manyfold instance until the patch can be applied
- Review and audit user access to sensitive model resources manually
# Upgrade Manyfold to patched version
docker pull manyfold3d/manyfold:v0.133.1
# Or if using source installation
git fetch --tags
git checkout v0.133.1
bundle install
rails db:migrate
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
