Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27635 is a high-severity remote code execution (RCE) vulnerability in Manyfold, an open source web application for managing 3D models. The issue occurs when a logged-in user uploads a ZIP file containing a filename with shell metacharacters. This filename is not properly sanitized before being passed to a Ruby backtick command, which executes shell commands. This allows the attacker to execute arbitrary shell commands on the server running Manyfold if the model render generation feature is enabled.'}, {'type': 'paragraph', 'content': "The vulnerability arises because the ZIP extraction process uses raw filenames without sanitization, unlike direct file uploads. The unsanitized filename is passed to a shell command that invokes the 'f3d' binary, bundled in the Docker image. Exploiting this requires an authenticated user but no special privileges beyond that. The vulnerability was fixed in Manyfold version 0.133.0."}] [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including remote code execution on the server hosting Manyfold. An attacker who is an authenticated user can execute arbitrary shell commands with the privileges of the Rails process user.

• Confidentiality impact: The attacker can access sensitive data on the server.
• Integrity impact: The attacker can modify data or files on the server.
• Availability impact: The attacker can disrupt the service, potentially causing denial of service.

However, exploitation requires that the model render generation feature is enabled, which is not enabled by default, and the attacker must be an authenticated user.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if your Manyfold installation is running a version prior to 0.133.0 with the model render generation feature enabled.

Since the exploit involves uploading a ZIP file containing filenames with shell metacharacters that get executed during background processing, you can look for suspicious files or artifacts created by such commands.

For example, the proof of concept creates a file /tmp/manyfold_pwned.txt containing the output of the id command. You can check for unexpected files like this on your system.

You can also monitor logs for unusual background job executions or unexpected shell commands triggered by the Manyfold process.

Specific commands to detect exploitation attempts might include:

• Check for the presence of suspicious files created by exploits, e.g., `ls -l /tmp/manyfold_pwned.txt`
• Search for suspicious filenames in uploaded ZIP files or job queues.
• Review Manyfold background job logs for commands invoking `f3d` with unusual parameters.
• Use system process monitoring tools (e.g., `ps aux | grep manyfold` or `strace` on the Manyfold process) to detect unexpected shell command executions.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Manyfold to version 0.133.0 or later, where this vulnerability has been fixed.

If upgrading immediately is not possible, you should disable the model render generation feature, as the vulnerability requires this feature to be enabled to be exploitable.

Additionally, restrict authenticated user permissions to only trusted users, since the exploit requires an authenticated user.

Review and monitor your system for any signs of exploitation as described in detection steps.

If you are using Docker images, ensure you update to the Docker image tagged with git SHA 1697857 or later.

Useful 0 Not Useful 0