PatchSiren cyber security CVE debrief

CVE-2023-47268 Prusa3d CVE debrief

CVE-2023-47268 describes a code execution risk in PrusaSlicer’s G-code post-processing path. According to NVD, a crafted 3MF project file can execute arbitrary code on the host when the project is sliced and G-code is exported. The issue is scoped to PrusaSlicer versions through 2.6.1 and is rated medium severity in the supplied record.

Vendor: Prusa3d
Product: CVE-2023-47268
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-11
Advisory published: 2026-05-08
Advisory updated: 2026-05-11

Who should care

Organizations and individuals who open untrusted 3MF projects in PrusaSlicer, especially teams that automate slicing or receive project files from external sources. Workstations used to generate G-code are the primary concern because the trigger occurs during local slicing/export activity.

Technical summary

The supplied NVD record maps this issue to PrusaSlicer versions up to 2.6.1 and identifies CWE-77 (Improper Neutralization of Special Elements used in a Command). The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L indicates a local attack that requires user interaction, with potential impacts to confidentiality, integrity, and availability. NVD’s description states that a crafted 3MF project can lead to arbitrary code execution during slicing and G-code export.

Defensive priority

Medium. Prioritize if PrusaSlicer is used on sensitive engineering or production workstations, or if users regularly open third-party project files. The user-interaction requirement lowers exposure compared with fully remote attacks, but successful exploitation can still affect the host running the slicer.

Recommended defensive actions

  • Upgrade PrusaSlicer beyond 2.6.1 if a fixed version is available from the vendor.
  • Treat 3MF project files from untrusted or external sources as potentially unsafe before opening them in PrusaSlicer.
  • Restrict who can run slicing and G-code export tasks on production workstations.
  • Review any local hardening or application control policies around PrusaSlicer and related post-processing scripts.
  • Monitor vendor advisories and release notes for remediation guidance specific to post-processing scripts.
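
One way to triage an externally supplied 3MF project before it is opened, shown as an added example that is not part of the NVD record or vendor material. It assumes that a 3MF file is a ZIP archive, that PrusaSlicer settings are embedded in ".config" entries as "; key = value" lines, and that the post-processing setting is named post_process; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# "post_process = <value>", optionally behind a ";" comment marker
# (assumed layout of the settings embedded in the project file).
POST_PROCESS_RE = re.compile(r"^\s*;?\s*post_process\s*=(.*)$")
MAX_ENTRY_BYTES = 16 * 1024 * 1024  # do not inflate oversized entries


def find_post_process(archive):
    """Return [(entry_name, value)] for every non-empty post_process setting.

    `archive` is a path or a binary file object holding a 3MF (ZIP) file.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Inspect embedded config files wherever they sit in the archive.
            if info.is_dir() or not info.filename.lower().endswith(".config"):
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                findings.append((info.filename, "<entry too large to inspect>"))
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for line in text.splitlines():
                match = POST_PROCESS_RE.match(line)
                if match and match.group(1).strip():
                    findings.append((info.filename, match.group(1).strip()))
    return findings


def build_sample(post_process_value):
    """Build a constructed, minimal 3MF-like archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("3D/3dmodel.model", "<model/>")
        zf.writestr("Metadata/Slic3r_PE.config",
                    "; layer_height = 0.2\n"
                    f"; post_process = {post_process_value}\n"
                    "; perimeters = 2\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, value in (("clean", ""), ("flagged", "/usr/bin/example-script")):
        print(label, find_post_process(build_sample(value)))
```

A non-empty result means the project carries a post-processing entry that should be reviewed by a person before the file is sliced; an empty result only says that this one setting is unset.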

Evidence notes

NVD describes the issue as arbitrary code execution triggered by a crafted 3MF project during slicing and G-code export, and lists affected PrusaSlicer versions through 2.6.1. The NVD CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, and the weakness is identified as CWE-77. The vendor documentation link included in the corpus covers PrusaSlicer post-processing scripts, which is relevant context for the affected feature area.

Official resources

The supplied record shows CVE-2023-47268 published on 2026-05-08T06:16:08.667Z and modified on 2026-05-11T12:58:54.733Z. This debrief uses those CVE/NVD dates for timing context.