prusa3d CVE Vulnerabilities & Metrics

Focus on prusa3d vulnerabilities and metrics.

Last updated: 12 May 2026, 22:25 UTC

About prusa3d Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with prusa3d. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total prusa3d CVEs: 6
Earliest CVE date: 10 Feb 2021, 22:15 UTC
Latest CVE date: 08 May 2026, 06:16 UTC

Latest CVE reference: CVE-2023-47268

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical prusa3d CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.38

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	5
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS prusa3d CVEs

These are the five CVEs with the highest CVSS scores for prusa3d, sorted by severity first and recency.

CVE-2020-28594 prusa3d Published on 17 Aug 2021, 20:15 UTC (CVSS: 6.8)
A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28598 prusa3d Published on 08 Jul 2021, 12:15 UTC (CVSS: 6.8)
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28596 prusa3d Published on 10 Feb 2021, 22:15 UTC (CVSS: 6.8)
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28595 prusa3d Published on 10 Feb 2021, 22:15 UTC (CVSS: 6.8)
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-27438 prusa3d Published on 06 Jun 2022, 23:15 UTC (CVSS: 5.1)
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

All CVEs for prusa3d

CVE-2023-47268 prusa3d vulnerability CVSS: 0 08 May 2026, 06:16 UTC

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.

CVE-2022-27438 prusa3d vulnerability CVSS: 5.1 06 Jun 2022, 23:15 UTC

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

CVE-2020-28594 prusa3d vulnerability CVSS: 6.8 17 Aug 2021, 20:15 UTC

A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-28598 prusa3d vulnerability CVSS: 6.8 08 Jul 2021, 12:15 UTC

An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-28596 prusa3d vulnerability CVSS: 6.8 10 Feb 2021, 22:15 UTC

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-28595 prusa3d vulnerability CVSS: 6.8 10 Feb 2021, 22:15 UTC

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.