
ComfyUI EUVD-2026-23731 / CVE-2026-6589 (LOW)

Cross-Site Request Forgery (CSRF) (CWE-352)
2026-04-20 · VulDB
CVSS 4.0 base score 2.1 · NVD

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network (N)
Attack Complexity: Low (L)
Privileges Required: None (N)
User Interaction: Passive (P)
Scope: X (not defined)

Lifecycle Timeline (8 events)

  • Severity Changed · Apr 29, 2026 01:12 · NVD: MEDIUM -> LOW
  • CVSS changed · Apr 29, 2026 01:12 · NVD: 5.3 (MEDIUM) -> 2.1 (LOW)
  • PoC Detected · Apr 29, 2026 01:00 · vuln.today: public exploit code
  • CVSS changed · Apr 20, 2026 01:22 · NVD: 4.3 (MEDIUM) -> 5.3 (MEDIUM)
  • Analysis Generated · Apr 20, 2026 01:18 · vuln.today
  • EUVD ID Assigned · Apr 20, 2026 01:15 · euvd: EUVD-2026-23731
  • Analysis Generated · Apr 20, 2026 01:15 · vuln.today
  • CVE Published · Apr 20, 2026 00:30 · nvd: LOW 2.1

Description (CVE.org)

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Cross-site request forgery (CSRF) in ComfyUI up to version 0.13.0 allows unauthenticated remote attackers to modify application state via crafted requests to the create_origin_only_middleware function in server.py. The vulnerability requires user interaction (clicking a malicious link or visiting an attacker-controlled site) but has low integrity impact and is publicly exploitable with proof-of-concept code available. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Recon: craft malicious webpage with CSRF payload
  • Delivery: host on attacker-controlled site
  • Exploit: social engineer user to visit while logged into ComfyUI
  • Install: browser sends authenticated request without CSRF token validation
  • C2: server accepts forged request via create_origin_only_middleware
  • Execute: attacker modifies ComfyUI application state
  • Impact: impact limited to workflow/model parameter changes

Vulnerability Assessment (AI)

Exploitation: The user must have an active authenticated session with ComfyUI at the time the CSRF payload is delivered. …

Risk Assessment: This vulnerability presents moderate real-world risk with several mitigating factors. …

Exploit Scenario: An attacker crafts a malicious webpage or email containing a hidden form or script that targets the ComfyUI server running on a victim's local network or public instance. When a user with an active ComfyUI session visits the attacker's page, the embedded request (e.g., an image tag, fetch request, or form submission) exploits the CSRF vulnerability in create_origin_only_middleware to perform unauthorized actions such as modifying model settings, altering workflow parameters, or injecting malicious nodes into the user's session. …

Remediation: Upgrade ComfyUI to a version released after the disclosure; however, no specific patched version number is confirmed in the available data because the vendor did not respond. …
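The affected function is an origin-only middleware, i.e. a check that a request's Origin header names the same server as its Host header. As an added illustration that is not ComfyUI's own code, the Python below models that same-origin decision together with the edge cases a defender would test such a middleware against (missing Origin, a "null" Origin, look-alike hosts, loopback aliases, scheme mismatch); the sample header sets and the loopback alias set are constructed assumptions.

```python
from urllib.parse import urlsplit

# Names that all mean "this machine": a UI served at http://localhost:8188 may
# legitimately be addressed as 127.0.0.1:8188 (assumed alias set for this demo).
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def _origin_tuple(netloc: str, scheme: str) -> tuple[str, str, int]:
    """Normalise 'host[:port]' to (scheme, host, port); raises ValueError on a bad port."""
    parts = urlsplit(f"{scheme}://{netloc}")   # .hostname lowercases and unbrackets IPv6
    host = parts.hostname or ""
    port = parts.port or (443 if scheme == "https" else 80)
    return scheme, ("loopback" if host in LOOPBACK else host), port


def same_origin(host_header: str, origin_header: str, request_scheme: str = "http") -> bool:
    """True only when the Origin header names exactly the server the Host header names."""
    try:
        origin = urlsplit(origin_header)
        if origin.scheme not in ("http", "https") or not origin.netloc:
            return False                        # "null", file:// or garbage: reject
        return _origin_tuple(host_header, request_scheme) == _origin_tuple(origin.netloc, origin.scheme)
    except ValueError:                          # e.g. Origin "http://localhost:8188.evil.example"
        return False


def allow_request(headers: dict, request_scheme: str = "http") -> bool:
    """Decision an origin-only middleware makes from one request's headers.
    No Origin header means a non-browser client (curl, a script); browsers attach
    Origin to every cross-site POST and fetch, so those are the requests screened."""
    origin = headers.get("Origin")
    if origin is None:
        return True
    host = headers.get("Host")
    return host is not None and same_origin(host, origin, request_scheme)


# Constructed sample header sets, not captured traffic.
SAMPLES = {
    "same-site UI":     {"Host": "localhost:8188", "Origin": "http://localhost:8188"},
    "loopback alias":   {"Host": "127.0.0.1:8188", "Origin": "http://localhost:8188"},
    "cross-site page":  {"Host": "localhost:8188", "Origin": "http://evil.example"},
    "look-alike host":  {"Host": "localhost:8188", "Origin": "http://localhost:8188.evil.example"},
    "sandboxed iframe": {"Host": "localhost:8188", "Origin": "null"},
    "curl, no Origin":  {"Host": "localhost:8188"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:17} -> {'allow' if allow_request(hdrs) else 'reject'}")
```

Only the first two samples and the Origin-less request pass; everything a browser would send from a foreign page is refused, which is the behaviour a CSRF-hardened middleware must preserve.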


EUVD-2026-23731 vulnerability details – vuln.today
