Comfyui
Monthly
Cross-site scripting (XSS) in ComfyUI up to version 0.13.0 allows authenticated remote attackers to inject malicious scripts through the View Endpoint in server.py, affecting user integrity with publicly available exploit code. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting its severity despite network accessibility. ComfyUI's vendor has not responded to early disclosure attempts, and the exploit has been published on GitHub, making this a low-CVSS but publicly weaponized vulnerability affecting an AI image generation framework.
Stored cross-site scripting (XSS) in ComfyUI's userdata endpoint (getuserdata function in app/user_manager.py) allows authenticated attackers to inject malicious scripts that execute in other users' browsers. Affected versions range from 0.1 through 0.13.0. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting real-world impact, but publicly available exploit code exists and the vendor has not responded to disclosure.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files on the server by manipulating the Name argument in the LoadImage Node's folder_paths.get_annotated_filepath function. The vulnerability has publicly available exploit code and affects the image loading functionality, enabling attackers with valid credentials to access sensitive files outside intended directories.
Path traversal in ComfyUI up to version 0.13.0 allows authenticated remote attackers to read arbitrary files via manipulation of the get_model_preview function in the Model Preview Endpoint. An attacker with valid credentials can traverse the file system to access sensitive configuration files, model weights, or other data outside intended directories. Public exploit code is available, and the vendor has not provided a patched version despite early disclosure notification.
Cross-site request forgery (CSRF) in ComfyUI up to version 0.13.0 allows unauthenticated remote attackers to modify application state via crafted requests to the create_origin_only_middleware function in server.py. The vulnerability requires user interaction (clicking a malicious link or visiting an attacker-controlled site) but has low integrity impact and is publicly exploitable with proof-of-concept code available. The vendor has not responded to early disclosure notification.
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. Rated medium severity (CVSS 6.5), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.