CVE-2023-47268

MEDIUM

Prusa PrusaSlicer through 2.6.1 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47268. PoCs published by Pallangyo98.

AI-analyzed exploit summary This is a technical writeup detailing the exploitation chain for the Trickster HTB machine, including CVE-2023-47268 for privilege escalation via PrusaSlicer. It describes the steps, vulnerabilities, and techniques used to achieve full system compromise.

Description

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.

Exploits (1)

github WRITEUP
by Pallangyo98 · poc
https://github.com/Pallangyo98/Trickster-HTB

This is a technical writeup detailing the exploitation chain for the Trickster HTB machine, including CVE-2023-47268 for privilege escalation via PrusaSlicer. It describes the steps, vulnerabilities, and techniques used to achieve full system compromise.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Reliable
Target: PrusaSlicer (version not specified)
Auth required
Prerequisites: Access to PrestaShop with XSS vulnerability · Database credentials extraction · ChangeDetection.io SSTI vulnerability · PrusaSlicer installed on the target system
devstral-2 · analyzed May 08, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 5.3
EPSS 0.0073
EPSS Percentile 49.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
prusa3d/prusaslicer < 2.6.1
Published May 08, 2026
Tracked Since May 08, 2026