Skip to main content

ComfyUI-Copilot CVE-2026-13493

| EUVDEUVD-2026-39992 LOW
Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
2026-06-28 VulDB GHSA-cjxx-6mf8-hqmw
1.3
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.1 LOW

Network-reachable API endpoint (AV:N) requires authenticated session (PR:L); high complexity (AC:H) because attacker must enumerate valid cross-session identifiers; confidentiality-only impact (C:L), no integrity or availability effect.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 28, 2026 - 13:22 NVD
2.3 (LOW) 1.3 (LOW)
Source Code Evidence Fetched
Jun 28, 2026 - 13:16 vuln.today
Analysis Generated
Jun 28, 2026 - 13:16 vuln.today

DescriptionCVE.org

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Workflow checkpoint endpoints in ComfyUI-Copilot up to 2.0.28 expose an insecure direct object reference (IDOR) flaw - the restore_workflow_checkpoint and update_workflow_ui handlers in conversation_api.py accept externally supplied version identifiers without verifying that the referenced checkpoint belongs to the requesting session, enabling an authenticated remote attacker to read workflow data owned by other sessions. The CVSS 4.0 score of 2.3 reflects limited confidentiality-only impact and high attack complexity (AC:H) due to the need to enumerate valid cross-session identifiers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid session credentials for target instance
Delivery
Send HTTP request to restore_workflow_checkpoint with enumerated version_id from another session
Exploit
Backend skips session ownership check and queries WorkflowVersion by ID only
Execution
Database returns cross-session checkpoint data
Impact
Attacker reads disclosed workflow configuration

Vulnerability AssessmentAI

Exploitation Exploitation requires an active authenticated session on the ComfyUI-Copilot instance (PR:L) - the attacker must possess a valid session token for the same deployment being targeted. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) yields a base score of 2.3, reflecting the combination of network accessibility offset by high attack complexity and limited confidentiality-only impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on a shared ComfyUI-Copilot deployment enumerates valid integer version_id values - for example by incrementing from their own checkpoint IDs - and issues crafted HTTP requests to the restore_workflow_checkpoint endpoint supplying those foreign identifiers. Because the handler performs no session ownership check, the server returns the target session's full workflow checkpoint data including workflow_data_ui configuration. …
Remediation No patched release version has been confirmed - the fix exists only as the open PR #150 at https://github.com/AIDC-AI/ComfyUI-Copilot/pull/150, which administrators can manually apply by cherry-picking or patching the changes to conversation_api.py, workflow_table.py, and workflow_rewrite_tools.py as shown in the diff. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-1000083 HIGH POC
7.8 Sep 05

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e

CVE-2024-3568 CRITICAL POC
9.6 Apr 10

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2022-41604 HIGH POC
8.8 Sep 27

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high sever

CVE-2024-24919 HIGH POC
8.6 May 28

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the inte

CVE-2026-58659 HIGH POC
8.4 Jul 15

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che

CVE-2019-8461 HIGH POC
7.8 Aug 29

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo

CVE-2019-8452 HIGH POC
7.8 Apr 22

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien

CVE-2013-7350 CRITICAL
10.0 Apr 01

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x bef

CVE-2026-31214 CRITICAL
9.8 May 12

Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to exec

CVE-2019-8459 CRITICAL
9.8 Jun 20

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without us

CVE-2026-31222 HIGH
8.8 May 12

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoin

Share

CVE-2026-13493 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy