CVE-2023-47268
Arbitrary Code Execution in PrusaSlicer via Malicious 3MF Project
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| prusa_research | prusaslicer | up to and including 2.6.1 |
| prusa_research | slic3r | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-47268 is an arbitrary code execution vulnerability in PrusaSlicer versions up to and including 2.6.1. A crafted 3MF project file can embed a malicious post-processing script within the 'Metadata/Slic3r_PE.config' file inside the project archive. When a user slices the project and exports the G-code, the embedded script executes arbitrary code on the host machine.
The vulnerability arises from the way PrusaSlicer handles post-processing scripts: they are executed on a temporary G-code file before the final output is written, so a script carried in the project's settings runs with the privileges of the user slicing the project.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on your computer when you open and slice a maliciously crafted 3MF project file in PrusaSlicer. An attacker could run any code they want on your system, potentially leading to unauthorized access, data theft, system compromise, or other malicious activity.
On Linux systems, the exploit can be triggered via the command-line interface; on Windows, it can be triggered by opening the malicious file in the GUI and exporting G-code, which may cause unexpected pop-up messages or other malicious behavior.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for post-processing scripts embedded within 3MF project files opened by PrusaSlicer versions up to 2.6.1. On Linux systems, detection can also rely on evidence of code execution, such as the creation of unexpected files like '/tmp/hax' after slicing a suspicious 3MF project file.
Specifically, on Linux, you can run the vulnerable version of PrusaSlicer from the command line to slice a suspicious 3mf file and then check if the file '/tmp/hax' has been created as a sign of exploitation.
On Windows, detection involves opening the suspicious 3mf file in the PrusaSlicer GUI and exporting the G-code; a pop-up message may appear if the exploit is triggered.
No explicit commands are provided in the resources, but monitoring for unexpected file creation in temporary directories and for suspicious pop-ups during G-code export is a practical detection method.
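A file-level check is more reliable than waiting for a side effect such as '/tmp/hax': a 3MF project is a zip archive, so the 'Metadata/Slic3r_PE.config' member named above can be inspected before the project is ever sliced. The following scanner is an added example written for this page, not code from the CVE record or from the PrusaSlicer project. It assumes (labelled in the comments) that the config member stores settings as "; key = value" lines and that the post-processing command list lives under the "post_process" key, which is the key PrusaSlicer's print settings use for that option; the sample archives it builds are constructed in memory for demonstration.

```python
"""Flag 3MF project archives that carry a PrusaSlicer post-processing script.

Added example for CVE-2023-47268; it does not modify or execute anything,
it only reports what the project's embedded settings would make the
slicer run.
"""
import io
import re
import sys
import zipfile

# Archive member named in the CVE description.
CONFIG_MEMBER = "Metadata/Slic3r_PE.config"

# Assumption: settings are stored one per line as "; key = value",
# and the post-processing command list is the "post_process" key.
CONFIG_LINE = re.compile(r"^;\s*(?P<key>[A-Za-z0-9_]+)\s*=\s*(?P<value>.*)$")
SCRIPT_KEY = "post_process"


def parse_slicer_config(text):
    """Return {key: value} for every "; key = value" line in the config body."""
    settings = {}
    for line in text.splitlines():
        match = CONFIG_LINE.match(line.strip())
        if match:
            settings[match.group("key")] = match.group("value").strip()
    return settings


def find_post_process_scripts(archive_bytes):
    """Return the post_process value embedded in a 3MF archive, or None.

    None means either no Slic3r_PE.config member exists or the key is
    absent/empty, i.e. slicing this project would run no script.
    Raises zipfile.BadZipFile for input that is not a zip container.
    """
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        if CONFIG_MEMBER not in archive.namelist():
            return None
        body = archive.read(CONFIG_MEMBER).decode("utf-8", errors="replace")
    value = parse_slicer_config(body).get(SCRIPT_KEY, "")
    return value or None


def scan(archive_bytes, name="project.3mf"):
    """Produce a one-line verdict for an archive; 'WARNING' marks a script."""
    try:
        value = find_post_process_scripts(archive_bytes)
    except zipfile.BadZipFile:
        return f"{name}: not a valid 3MF/zip archive"
    if value is None:
        return f"{name}: no post-processing script set"
    return f"{name}: WARNING post-processing script configured: {value!r}"


def build_sample_3mf(post_process_value):
    """Constructed sample archive for testing the scanner (not a real project)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        # Placeholder model part; a real 3MF carries the geometry here.
        archive.writestr("3D/3dmodel.model", "<model/>")
        config = "\n".join([
            "; layer_height = 0.2",
            f"; {SCRIPT_KEY} = {post_process_value}",
        ])
        archive.writestr(CONFIG_MEMBER, config)
    return buffer.getvalue()


if __name__ == "__main__":
    # Usage: python scan_3mf.py project1.3mf project2.3mf ...
    # Exit status 1 if any archive carries a post-processing script.
    flagged = False
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            verdict = scan(handle.read(), name=path)
        print(verdict)
        flagged = flagged or "WARNING" in verdict
    sys.exit(1 if flagged else 0)
```

Run it against every 3MF received from an untrusted source before opening it in a vulnerable version; a non-empty post_process value is the condition that turns slicing into code execution, so the archive should be treated as hostile until the script's origin is known. The parser is deliberately tolerant of whitespace and unknown keys so that a config laid out slightly differently still surfaces the script rather than silently passing.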
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding PrusaSlicer versions up to and including 2.6.1, as these are vulnerable to arbitrary code execution via crafted 3MF project files.
Upgrade to the latest version of PrusaSlicer, such as version 2.9.4 or later, which includes fixes and improvements that prevent this vulnerability.
Ensure that any post-processing scripts used are from trusted sources and properly validated before execution to prevent unauthorized code execution.
Avoid opening or slicing 3MF project files from untrusted or unknown sources to reduce the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not contain specific information about how CVE-2023-47268 affects compliance with common standards and regulations such as GDPR or HIPAA.