CVE-2026-27933

Sažetak

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue.

Reference

https://github.com/manyfold3d/manyfold/releases/tag/v0.133.0
https://github.com/manyfold3d/manyfold/security/advisories/GHSA-g949-hmvj-2r76

CVSS

Base:	6.8
Impact:	5.2
Exploitability:	1.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

27-02-2026 - 17:27

Objavljeno

26-02-2026 - 00:16