PatchSiren

manyfold3d CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH manyfold3d CVE published 2026-07-16

CVE-2026-46336

CVE-2026-46336 is a path traversal vulnerability in Manyfold, a self-hosted web application for managing 3D models. Authenticated users can rename uploaded files with path traversal sequences because app/models/model_file.rb uses the user-controlled filename in File.join(model.path, filename) without sufficient sanitization, allowing files to be moved or written outside the configured library directory. T [truncated]