HIGH
manyfold3d
CVE published 2026-07-16
CVE-2026-46336
CVE-2026-46336 is a path traversal vulnerability in Manyfold, a self-hosted web application for managing 3D models. Authenticated users can rename uploaded files with path traversal sequences because app/models/model_file.rb uses the user-controlled filename in File.join(model.path, filename) without sufficient sanitization, allowing files to be moved or written outside the configured library directory. T [truncated]