150 matches found
CVE-2026-6589
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...
CVE-2026-6590
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2026-6591
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6592 ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-6592 ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-6592
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
EUVD-2026-23737
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-6592
The vulnerability CVE-2026-6592 affects ComfyUI up to version 0.13.0. It concerns the userdata endpoint, specifically the getuserdata function in app/user_manager.py, which is susceptible to cross-site scripting due to input handling flaws. The flaw can be triggered remotely; the exploit has been...
EUVD-2026-23735
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6591
ComfyUI up to 0.13.0 is affected by a path traversal in the LoadImage Node’s folder_paths.get_annotated_filepath (folder_paths.py). The vulnerability arises from manipulating the Name argument, enabling remote exploitation. An exploit has been published; vendor was contacted but did not respond. ...
CVE-2026-6591
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
EUVD-2026-23733
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2026-6590
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2026-6590 ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function getmodelpreview of the file app/modelmanager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2026-6590
ComfyUI (up to version 0.13.0) contains a path traversal vulnerability in the Model Preview Endpoint (get_model_preview in app/model_manager.py). The issue can be triggered remotely, and an exploit is publicly available. Impact details are described in the CVE entries, but remediation steps are n...
CVE-2026-6589
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...
CVE-2026-6589
The CVE affects ComfyUI up to version 0.13.0, specifically the function create_origin_only_middleware in server.py. The root cause is a manipulation that enables cross-site request forgery (CSRF). Exploitation is described as possible remotely, with a publicly disclosed exploit. Availability of a...
CVE-2026-6589 ComfyUI server.py create_origin_only_middleware cross-site request forgery
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...