Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
Manyfold versions before 0.133.0 allow hackers to steal user sessions
CVE-2026-27933
Summary
If you use Manyfold to manage 3D models, versions before 0.133.0 are susceptible to a security risk that could allow an attacker to take control of your account. This is because the application does not properly handle proxy caches, which can leak sensitive information about your session. To fix the issue, update to version 0.133.0 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| manyfold | manyfold | <= 0.133.0 | – |
Original title
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via c...
Original description
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue.
nvd CVSS3.1
6.8
Vulnerability type
CWE-613
- https://github.com/manyfold3d/manyfold/releases/tag/v0.133.0 Product Release Notes
- https://github.com/manyfold3d/manyfold/security/advisories/GHSA-g949-hmvj-2r76 Exploit Vendor Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026