CVE-2023-47268: PrusaSlicer 3MF Files Can Execute Arbitrary Code
CVE-2023-47268 (CVSS 5.3): A crafted 3mf project file in PrusaSlicer through 2.6.1 executes arbitrary code when sliced — no user interaction beyond opening the file.

Executive Summary
A vulnerability in PrusaSlicer, the open-source 3D printing slicer used by Prusa and other printer ecosystems, allows arbitrary code execution when a user opens a maliciously crafted .3mf project file. Tracked as CVE-2023-47268 and assigned a CVSS score of 5.3 (medium severity), the flaw resides in the post-processing script handler within libslic3r/GCode/PostProcessor.cpp. An attacker can embed arbitrary shell commands in a 3mf file that execute on the host when the file is sliced and G-code is exported. The vulnerability affects PrusaSlicer through version 2.6.1. No patch has been released as of this writing, and the disclosure timeline — the CVE was published in late 2023 — has drawn criticism from security researchers who note the lack of a coordinated fix.
Technical Analysis
The vulnerability exists in the PostProcessor class of PrusaSlicer's core library. According to the NVD description and corroborating analysis from Prusa's own documentation, the flaw is triggered during the G-code export phase. When a user loads a .3mf project file, PrusaSlicer parses the embedded post-processing scripts — a feature intended to allow custom G-code modifications (e.g., adding temperature changes or pause commands). The parser does not validate or sanitize the script content before passing it to the system shell.
Specifically, the PostProcessor::process() function in libslic3r/GCode/PostProcessor.cpp (as of version 2.6.1) constructs a command string from the script content and executes it via boost::process::system() or a similar system-level call. An attacker who crafts a .3mf file with a malicious post-processing script — for example, one that includes shell metacharacters such as ;, |, or backticks — can achieve arbitrary command execution on the host. The command runs with the privileges of the user running PrusaSlicer.
The attack surface is significant because .3mf files are commonly shared among 3D printing enthusiasts, educators, and manufacturers. A user only needs to open the file in PrusaSlicer and initiate slicing — no additional interaction is required. The export step is a routine part of the workflow, meaning the exploit triggers during normal use.
PrusaSlicer's own documentation page on post-processing scripts (linked below) describes the feature's intended use but does not warn about the security implications. The documentation states that scripts are "executed after the G-code is generated" and provides examples of shell commands, but it does not mention input validation or sandboxing.
Mitigations & Recommendations
As of May 9, 2026, no official patch has been released for CVE-2023-47268. PrusaSlicer version 2.6.1 and all earlier builds are affected. The Prusa team has not publicly committed to a fix timeline.
Defenders and users should take the following steps:
- Avoid opening .3mf files from untrusted sources. Treat any .3mf file as potentially malicious, especially those downloaded from forums, email attachments, or shared repositories.
- Disable post-processing scripts if the feature is not required. In PrusaSlicer, navigate to Printer Settings → General → Post-processing scripts and clear any entries. This prevents the vulnerable code path from executing.
- Use a sandboxed environment for slicing untrusted files. Run PrusaSlicer in a virtual machine or container with limited host access.
- Monitor for updates from Prusa Research. The vulnerability is well-documented, and a fix may be included in a future release.
Organizations using PrusaSlicer in production environments — such as educational labs or manufacturing lines — should assess the risk of accepting .3mf files from external collaborators and implement file scanning or manual review processes.
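As an added example of the file-screening step just mentioned (this is not code from the advisory or from PrusaSlicer), the following Python script opens a .3mf archive, which is a ZIP container, and reports any post-processing script entry it finds before the file is ever loaded into the slicer. It assumes PrusaSlicer stores the project config at Metadata/Slic3r_PE.config as `; key = value` lines; the sample archives it builds are constructed for the demonstration.

```python
import io
import re
import zipfile

# Assumed location and format of PrusaSlicer's project config inside a 3MF
# archive: a text member whose lines look like "; post_process = <command>".
CONFIG_MEMBER = "Metadata/Slic3r_PE.config"

# Characters the shell interprets. PrusaSlicer also uses ';' to separate
# multiple scripts, so a hit here means "review by hand", not a confirmed attack.
SHELL_META = re.compile(r"[;|&`$<>]")
POST_PROCESS_LINE = re.compile(r"^;\s*post_process\s*=\s*(.*)$")


def extract_post_process(data: bytes) -> list:
    """Return every post_process value found in the archive's config member."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if CONFIG_MEMBER not in zf.namelist():
            return found  # no PrusaSlicer config, so no script can be run
        text = zf.read(CONFIG_MEMBER).decode("utf-8", errors="replace")
    for line in text.splitlines():
        m = POST_PROCESS_LINE.match(line)
        if m:
            found.append(m.group(1).strip())
    return found


def scan_3mf(data: bytes) -> dict:
    """Classify a 3MF: 'clean' (no script configured), 'review' (a script is
    configured), or 'suspicious' (the script contains shell metacharacters)."""
    scripts = [s for s in extract_post_process(data) if s]
    flagged = [s for s in scripts if SHELL_META.search(s)]
    verdict = "suspicious" if flagged else ("review" if scripts else "clean")
    return {"verdict": verdict, "scripts": scripts, "flagged": flagged}


def build_sample_3mf(post_process: str) -> bytes:
    """Construct a minimal 3MF-like archive for testing (no real model data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(CONFIG_MEMBER,
                    "; layer_height = 0.2\n" + f"; post_process = {post_process}\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, cmd in [("none", ""), ("plain", "/usr/local/bin/add_pause.py"),
                       ("chained", "/usr/bin/true; echo injected")]:
        print(label, scan_3mf(build_sample_3mf(cmd)))
```

Any file that does not come back "clean" is a candidate for quarantine, since the recommended posture above is to run with post-processing scripts disabled anyway.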