Lucene search
K

150 matches found

NVD
NVD
added 2026/04/20 1:16 a.m.12 views

CVE-2026-6589

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

5.3CVSS0.00158EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 1:16 a.m.11 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS0.00365EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 1:16 a.m.14 views

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS0.00366EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 1:15 a.m.33 views

CVE-2026-6592 ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS0.00253EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 1:15 a.m.3 views

CVE-2026-6592 ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:15 a.m.4 views

CVE-2026-6592

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 1:15 a.m.3 views

EUVD-2026-23737

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 1:15 a.m.16 views

CVE-2026-6592

The vulnerability CVE-2026-6592 affects ComfyUI up to version 0.13.0. It concerns the userdata endpoint, specifically the getuserdata function in app/user_manager.py, which is susceptible to cross-site scripting due to input handling flaws. The flaw can be triggered remotely; the exploit has been...

5.1CVSS3.8AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 1:0 a.m.8 views

EUVD-2026-23735

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 1:0 a.m.3 views

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 1:0 a.m.22 views

CVE-2026-6591

ComfyUI up to 0.13.0 is affected by a path traversal in the LoadImage Node’s folder_paths.get_annotated_filepath (folder_paths.py). The vulnerability arises from manipulating the Name argument, enabling remote exploitation. An exploit has been published; vendor was contacted but did not respond. ...

5.3CVSS5.3AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:0 a.m.5 views

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/20 12:45 a.m.5 views

EUVD-2026-23733

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 12:45 a.m.37 views

CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS0.00365EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:45 a.m.6 views

CVE-2026-6590

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 12:45 a.m.6 views

CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 12:45 a.m.10 views

CVE-2026-6590

ComfyUI (up to version 0.13.0) contains a path traversal vulnerability in the Model Preview Endpoint (get_model_preview in app/model_manager.py). The issue can be triggered remotely, and an exploit is publicly available. Impact details are described in the CVE entries, but remediation steps are n...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:30 a.m.2 views

CVE-2026-6589

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

5.3CVSS5.1AI score0.00158EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 12:30 a.m.13 views

CVE-2026-6589

The CVE affects ComfyUI up to version 0.13.0, specifically the function create_origin_only_middleware in server.py. The root cause is a manipulation that enables cross-site request forgery (CSRF). Exploitation is described as possible remotely, with a publicly disclosed exploit. Availability of a...

5.3CVSS5.2AI score0.00158EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 12:30 a.m.5 views

CVE-2026-6589 ComfyUI server.py create_origin_only_middleware cross-site request forgery

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

5.3CVSS5.1AI score0.00158EPSS
Exploits0References4
Rows per page
Query Builder