Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026

Manyfold vulnerable to session hijack via cookie leakage in proxy caches

CVE-2026-27933

Description

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue.

Affected products

Manyfold3d/Manyfoldllm-fuzzy2 versions
<0.133.0+ 1 more
- (no CPE)range: <0.133.0
- (no CPE)range: < 0.133.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/manyfold3d/manyfold/releases/tag/v0.133.0mitrex_refsource_MISC
github.com/manyfold3d/manyfold/security/advisories/GHSA-g949-hmvj-2r76mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000