CVE-2026-27933 | THREATINT

Description

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue.

PUBLISHED Reserved 2026-02-25 | Published 2026-02-25 | Updated 2026-02-26 | Assigner GitHub_M

MEDIUM: 6.8CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-613: Insufficient Session Expiration

Product status

< 0.133.0

affected

References

github.com/...nyfold/security/advisories/GHSA-g949-hmvj-2r76

github.com/manyfold3d/manyfold/releases/tag/v0.133.0

cve.org (CVE-2026-27933)

nvd.nist.gov (CVE-2026-27933)

Download JSON