discuss@lists.openscad.org

OpenSCAD general discussion Mailing-list

Malicious Blender files

Jordan Brown
Thu, Mar 12, 2026 6:47 AM

I’ve long been concerned by the possibility of malicious OpenSCAD files, which is why I’ve been concerned about Python tie-ins, and about anything that allows a program to write files.

However, mostly I considered it to be a theoretical problem only, that the number of potential targets would be too small to attract villains’ attention.

It seems that I was not paranoid enough.

https://www.reddit.com/r/printablescom/comments/1r02zup/repost_warning_active_phishing_campaign_on/

This article tells of a campaign of attacks on Blender, where a malicious BLEND file from printables.com includes a malicious Python script, which would attack you if you had the “automatically run Python scripts” option set… not set by default, but possible to set.

The threat seems to be too close for comfort. PythonSCAD adoption is negligible now, but it seems that 3D models are a large enough target to get attention. Please be careful when running downloaded PythonSCAD programs.

gene heskett
Thu, Mar 12, 2026 10:30 AM

On 3/12/26 02:48, Jordan Brown via Discuss wrote:

> I’ve long been concerned by the possibility of malicious OpenSCAD files, which is why I’ve been concerned about Python tie-ins, and about anything that allows a program to write files.
>
> However, mostly I considered it to be a theoretical problem only, that the number of potential targets would be too small to attract villains’ attention.
>
> It seems that I was not paranoid enough.
>
> https://www.reddit.com/r/printablescom/comments/1r02zup/repost_warning_active_phishing_campaign_on/
>
> This article tells of a campaign of attacks on Blender, where a malicious BLEND file from printables.com includes a malicious Python script, which would attack you if you had the “automatically run Python scripts” option set… not set by default, but possible to set.
>
> The threat seems to be too close for comfort. PythonSCAD adoption is negligible now, but it seems that 3D models are a large enough target to get attention. Please be careful when running downloaded PythonSCAD programs.

I'm with Jordan on this. Most of us are savvy enough by now to recognize
bad acting code in what we share here, but fewer of us have that same
familiarity with Python.


Cheers, Gene Heskett, CET.

"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Don't poison our oceans, interdict drugs at the src.